Microsoft Calls for a “Digital Geneva Convention” to Deter Nation-State Hacking
According to stats from the "Information Systems Audit and Control Association," 74 percent of the world’s businesses expect to be hacked each year. This is why Brad Smith, Microsoft's President and Chief Legal Officer, wants the tech industry and the world’s governments to create a Digital Geneva Convention that could "implement international rules to protect the civilian use of the internet."
"The economic loss of cybercrime is estimated to reach $3 trillion by 2020," Smith wrote in a lengthy blog post earlier Tuesday. "Yet as these costs continue to climb, the financial damage is overshadowed by new and broadening risks."
Smith also outlined this proposal of a "Digital Switzerland" during keynote remarks to a packed audience at this year's RSA cybersecurity conference in San Francisco. This week's security conference is getting more focus than ever before, thanks to the 2016 US presidential election, which generated more news on cyberattacks, email leaks, and cybersecurity blunders than anything else. The United States had formally accused Russia of hacking the Democratic Party to influence election results. While the US and private security firms released reports showing a connection to Russia, not everyone trusted these results since Russia won't accept the blame and a Democratic President was then leading the US.
A neutral Digital Geneva that retains the world’s trust
To combat the growing threat of cyberattacks by nation states, Smith suggests the world needs a neutral international organization that can officially and impartially point out when nation-states are responsible for cyberattacks. This is because no government can be trusted to blame itself, nor can the entire world accept the results of analysis that is conducted by a target country - something that we saw after CIA's report on US election campaign hacks.
Specifically, the world needs an independent organization that can investigate and share publicly the evidence that attributes nation-state attacks to specific countries.
"Just as the Fourth Geneva Convention has long protected civilians in times of war, we now need a Digital Geneva Convention that will commit governments to protecting civilians from nation-state attacks in times of peace," Smith wrote. "And just as the Fourth Geneva Convention recognized that the protection of civilians required the active involvement of the Red Cross, protection against nation-state cyberattacks requires the active assistance of technology companies."
The tech sector plays a unique role as the internet’s first responders, and we therefore should commit ourselves to collective action that will make the internet a safer place, affirming a role as a neutral Digital Switzerland that assists customers everywhere and retains the world’s trust.
The longtime Microsoft employee shared this proposal to a packed crowd in San Francisco. "Let’s face it, cyberspace is the new battlefield," he said. As a result, Smith urged the tech sector and the world’s governments "to adopt a Digital Geneva Convention to protect civilians on the internet" and commit to "100 percent defense and zero percent offense."