Microsoft has today launched a European Security Programme (ESP) for government bodies in the region, throwing a protective embrace around all 27 European Union (EU) member states, EU accession candidates, European Free Trade Association members, the UK, Monaco and the Vatican.
Recognising that the European cyber threat landscape is in a state of flux as the confluence of artificial intelligence (AI) and digital technologies drives evolution and surfaces new challenges, Microsoft vice-chair and president Brad Smith said Europe could not afford to stand still in cyber matters, particularly as ransomware gangs and nation-state threat actors run rampant.
The programme builds on a pre-existing Government Security Programme (GSP) that has been operating in a similar capacity for some time, but Microsoft said it now wants to increase the flow of information and resources to help European governments increase their resilience.
As such, the ESP contains three core elements: increasing threat intelligence sharing with government agencies; investing more to strengthen security capacity and resilience; and expanding partnerships to disrupt cyber attacks and take down criminal networks.
“Together, these efforts reflect Microsoft’s long-term commitment to defending Europe’s digital ecosystem – ensuring that, no matter how the threat landscape evolves, we will remain a trusted and steadfast partner to Europe in securing its digital future,” said Smith, as he launched the programme at an event in Berlin.
“Our commitment to Europe is deep, enduring and unwavering,” he continued. “We believe that Europe’s digital future is one of the most important opportunities of our time – and protecting that future is a responsibility we share.
“We will stand shoulder to shoulder with European governments, institutions and communities to defend against threats, build capacity and strengthen resilience,” said Smith. “We are proud to be a trusted partner to Europe, and we will continue to work every day to earn trust through transparency, collaboration and a steadfast commitment to protecting what matters most.”
Microsoft’s later initiative forms part of a broader set of European Digital Commitments announced a few weeks ago – which includes plans to expand its regional datacentre capacity by approximately 40% over the coming years.
Digging deeper
Microsoft went on to outline how each of the three pillars of the ESP will work:
Threat intelligence sharing: Using AI to support analysis of cyber threat activity and glean more insight in real time, helping governments defend proactively. Meanwhile, the capacity of the existing Digital Crimes Unit (DCU) will be expanded to support law enforcement partners through the Cybercrime Threat Intelligence Programme.
At the same time, Microsoft’s Threat Analysis Centre will ramp up its analysis of influence operations in Europe to help governments stay ahead of disinformation campaigns and other hybrid threats targeting the region’s democracies.
Finally, Microsoft will offer prioritised security updates and vulnerability notification and management services to European partners. All participating governments will also receive a dedicated point of contact to coordinate responses and escalate concerns.
Security investment: Microsoft plans to pump additional resources to further its work with governments, civil society bodies and innovators, to strengthen local cyber capabilities and capacity, and improve resilience. It is already piloting a programme alongside the Europol Cybercrime Centre (EC3) to embed DCU personnel at its Netherlands-based HQ to work better together.
Additionally, Microsoft is renewing its existing partnership with the CyberPeace Institute, supporting non-governmental organisations and making more resources available to expand cyber support in eastern Europe via the Western Balkans Cyber Capacity Centre, supporting a geopolitically sensitive and digitally under-resourced part of Europe where malicious actors continue to work to destabilise countries bordering or hoping to join the EU.
More broadly, Microsoft hopes to fund AI security research and innovation, and is already working with the UK Laboratory for AI Security Research, which is supported by Plexal and The Alan Turing Institute, among others, to better support the security of open source development projects, raising the security posture of European projects such as Log4J and Scancode alongside a recently launched GitHub fund.
Expanding partnerships: The final pillar of the ESP will see Microsoft work more closely with law enforcement and regional bodies to identify new and innovative ways to disrupt malicious cyber activity.
Microsoft is already a key player in this regard – only last month, it worked with Europol EC3 on the Lumma infostealer takedown that had compromised nearly 400,000 devices in Europe. On the basis that more of that kind of thing is always a good idea, Microsoft recently launched the Statutory Automated Disruption Programme to automate legal abuse notifications to hosting companies, helping them remove malicious domains and IP addresses quicker. It will also be working with internet service providers on a similar basis.
As part of this expansion, Microsoft will lean more on the DCU, which in recent years has become much more active in running its own legal actions against nation-state threat actors – such as the October 2024 action against Star Blizzard (aka Coldriver), which has seen the group forced to significantly alter its tactics. Smith hinted that more such coordinated disruptions were on the horizon.
