At Washington Post Live's 2013 Cybersecurity Summit, Microsoft’s Craig Mundie cites a health space analogy for what companies and government bodies need in a vulnerable cyber world. He says we need a World Health Organization equivalent for networks. ”This is where I think government has a role to play,” Mundie says. “If all governments are late to the party, you do have the tendency for the private sector to come forward. In the U.S., it’s vigilantism, it’s illegal to chase bad guys up the wire and certainly illegal to shoot back." (Washington Post Live)

As part of its 2013 Cybersecurity Summit, Washington Post Live convened leading national security officials, industry experts and journalists for conversations addressing cyber risks and the future of cyber defense.

Craig Mundie, senior adviser to the chief executive, Microsoft

I remember back around 2000, which was before 9/11, the pendulum at that time had clearly swung to privacy and, in fact, Bill Gates and I embarked on creating this Trustworthy Computing initiative at Microsoft because we not only thought we had to support the privacy issues that people had as the Internet was emerging, but it was clear that we had these cybersecurity problems that were also emerging.

And then along came 9/11, and poof — the pendulum just moved from one side to the other. And then we got things like the Patriot Act and other things to support all that intelligence. And for more than a decade, countries outside the United States and businesses outside the United States have been worried about, well, what did this Patriot Act really mean? So all the companies had to be able to explain to people what the reality of those things was as opposed to the mythology of them. And I think we all continue to embark on that.

At this point, we’ve had another stimulus, the Snowden leaks. Frankly, the success that governments around the world have had in fighting back some of the threats has given people a sense of comfort and security. And they say, “Well, maybe it’s okay to move it back,” and the Snowden leaks bring that discussion to the fore again. I think you’re always going to see a tension between the privacy question, both domestically and globally, and the security question.

I think people need to understand that really in the last 12 months, there’s been a qualitative change where the threats really are moving to destructive types of attacks. And, unlike conventional weapons, every time anybody in the world shoots one of these weapons, all the bad guys get to observe it, and they all immediately figure out how it works and how to clone it.

So it doesn’t matter whether you’re a bunch of hacktivists or two guys in a bunker somewhere that are disenchanted or nation-states. This capability escalates globally very rapidly, and that’s a property that we haven’t seen in weapons in the past.

The arms race in cybersecurity

After leaks, NSA struggles for trust

Fort Meade transforming from Army base to cyber city