Florian Pennings, EU Government Affairs Manager

Lorelien Hoet, EU Government Affairs Director

Microsoft : global cloud player &

cybersecurity stakeholder in a

European telecom environment

EU Telecom Security meeting

Article 13a expert group

12 February 2020

50 Regions 140 Countries

MICROSOFT INFRASTRUCTURE INVESTMENTS

Microsoft Intelligent Security Graph

400Bemails

analyzed

1.2Bdevices

scanned each month

200+global cloud

customer and commercial services

930Mthreats detected on devices every month

Shared threat data from partners,

researchers, and law enforcement worldwide

Botnet data from Microsoft Digital

Crimes Unit

18B+Bing web pages

scanned 450Bmonthly

authentications

Enterprise security

for 90% of

Fortune 500

750M+Azure user accounts

Azure

Outlook

Xbox Live

Bing

OneDrive

Windows

Microsoftaccounts

Microsoft platform

6.5 TRILLION signals per day

Our reality is changing

GEOPOLITICAL CHANGE

EVOLUTION OF TECHNOLOGY

PERSISTENCE OF THREAT

Nation States, Activists, Terror

Groups

BRAZEN, COMPLEX,

PERSISTENT

Motives:IP Theft,Damage,

Disruption

Persistence of threatEvolution of attacks

2005-2012

Organized Crime

RANSOMWARE, CLICK-FRAUD,

IDENTITY THEFT

Motive: Profit

Script Kiddies

BLASTER, SLAMMER

Motive: Mischief

2012 - TODAY2003-2004

Threat group information sharing:

• Thallium: which is believed to operate from North Korea• Phosphorus: which we believe originates from Iran• Strontium (Fancy Bear/APT28): associated with Russia

Microsoft as policy stakeholder

NIS Directive

Cybersecurity Act

Cybersecurity Competences Centre & Network

Public private cooperation

Harmonization of international standards

Cybersecurity Skills

Remain inclusive. Cybersecurity is global.

From article 13a Framework Directive to article 40 EECC ….

8

• Definition of “electronic communication services” (ECS) broadened to include i.a.number-independent interpersonal communication services (NIICS)

• Differences between ECS and NIICS: • By nature• In geographical scope

New paradigm / requires new thinking :

• Difficult / unfeasible to apply current article 13a measures to NIICS

• More harmonization necessary

• More cross-border co-operation

From article 40 EECC to 5G security…?

9

“5G is key to Europe’s digital transformation”

• Risk of blurring the lines between “strategic measures” and “technical measures” (concepts 5G security toolbox)

• Harmonization is absolutely required to avoid fragmented EU market

• B2B IOT market is no longer national

• Suppliers must be able to provide pan-European services to allow for digital transformation

• Avoid material overlaps between article 40, NIS, cybersecurity certification, ….

“5G security is key”