In August, the United Nations (UN) released its most substantial recommendations to date for how governments can secure cyberspace from escalating conflict. The recommendations recognize that international law applies to state behavior online and lists specific sectors that should be considered critical infrastructure and thus off-limits to attack, including healthcare, the electrical grid, education, financial services, transportation, telecommunications and electoral processes. But while this is progress, it is still not enough. The recent deluge of damaging cyberattacks, against everything from oil pipelines to food supplies to aid agencies, and increasingly damaging ransomware attacks on a variety of sectors, demand that we take concrete action that implements and upholds the rules of the road in cyberspace. UN member states must now take these recommendations, coupled with others released earlier this year, and quickly turn them into meaningful and enforceable expectations. To read Microsoft's response to the report, visit Microsoft on the Issues.