Microsoft is calling on technology companies across the globe to form a Digital Geneva Convention to address state-sponsored cyber-attacks.
The company’s president and chief legal officer Brad Smith said civilian Internet use must be protected and, to do that, the tech sector needs to call on the world’s governments for the implementation of international rules.
“We now need a Digital Geneva Convention that will commit governments to protecting civilians from nation-state attacks in times of peace,” Smith said.
“The tech sector plays a unique role as the Internet’s first responders and we, therefore, should commit ourselves to collective action that will make the Internet a safer place, affirming a role as a neutral Digital Switzerland that assists customers everywhere and retains the world’s trust.”
Smith said it is unacceptable that 74 percent of the world’s businesses expect they will be hacked each year. That fear came to the forefront back in 2014 when a cyber-attack from the state-sponsored Guardians of Peace shut down Sony Pictures’ systems across the globe. The Federal Bureau of Investigation officially pointed the finger at the North Korean government after discovering a number of similarities between the “infrastructure” used in the attack on Sony and other cyber-attacks U.S. law agencies have linked directly to North Korea.
This November 2014 attack was followed the next year by “even more visible international discussion about nation-state attacks aimed at the theft of companies’ intellectual property,” Smith said, adding that 2016 brought the issue of hacking connected to the democratic process front and center.
“For two-thirds of a century, since 1949, the world’s nations have recognized through the Fourth Geneva Convention that they need to adhere to rules that protect civilians in times of war. But nation-state hacking has evolved into attacks on civilians in times of peace,” Smith said.
“This is not the world that the Internet’s inventors envisioned 25 years ago. But it’s the world that we inhabit today. And as the private citizens thrust into this challenge, the question for all of us in the tech sector is what we will do to address it.”
Smith said the security-related product features created by Microsoft and other tech companies are only a small component of the puzzle.
He said the formation of an agency including governmental tech experts, private industry, academia and civil society is key to addressing the issue. That agency would have the power to investigate cyber-attacks and share publicly the evidence attributing nation-state attacks to specific countries.
“Only then will nation-states know that if they violate the rules, the world will learn about it,” Smith said.