Microsoft’s Brad Smith calls for Digital Geneva Convention on cyberwarfare

Arif Bacchus

Brad Smith, Microsoft’s president and chief legal officer, today took to a blog post to announce calls for a Digital Geneva Convention on cyber warfare. The calls from Microsoft come at a time of increasing cyber crime, and as state-sponsored cyber attacks continue to rise.

According to Brad Smith’s post, just as the Fourth Geneva Convention protects civilians in times of war, there also needs to be a Digital Geneva Convention that commits governments to protecting civilians from nation-state attacks in times of peace. His post calls on the tech sector as ” the internet’s first responders” and addresses four key areas in which the industry can “commit to collective action that will make the internet a safer place, affirming a role as a neutral Digital Switzerland that assists customers everywhere and retains the world’s trust.”

Covered in the post are recent cyber hacks, such as the North Korea hack on Sony Studios, and mentions of how 74 percent of the world’s businesses expect to be hacked each year, with the estimated economic loss of cybercrime to reach $3 trillion by 2020. Smith addresses stronger individual tech sector responses, and how Microsoft is taken steps to protect customers through programs such as Advanced Threat Protection for Microsoft Exchange Online, The Microsoft Threat Intelligence Center, and Cyber Defense Operations Center.

We suddenly find ourselves living in a world where nothing seems off limits to nation-state attacks.  Conflicts between nations are no longer confined to the ground, sea and air, as cyberspace has become a potential new and global battleground.  There are increasing risks of governments attempting to exploit or even weaponize software to achieve national security objectives, and governmental investments in cyber offense are continuing to grow.

Smith highlights the need for a Digital Geneva Convention to protect civilians on the internet, and the fact that Digital Geneva Convention needs to create an independent organization that spans the public and private sectors.

While there is no perfect analogy, the world needs an organization that can address cyber threats in a manner like the role played by the International Atomic Energy Agency in the field of nuclear non-proliferation.  This organization should consist of technical experts from across governments, the private sector, academia and civil society with the capability to examine specific attacks and share the evidence showing that a given attack was by a specific nation-state.  Only then will nation-states know that if they violate the rules, the world will learn about it.

To wrap up, Smith highlights that the tech sector needs to “act collectively to better protect the internet and customers everywhere from nation-state attacks.” He writes,

We will assist and protect customers everywhere.  We will not aid in attacking customers anywhere.  We need to retain the world’s trust.  And every government regardless of its policies or politics needs a national and global IT infrastructure that it can trust. This commitment to 100 percent defense and zero percent offense has been fundamental to our approach as a company and an industry. And it needs to remain this way in the future.

Brad Smith’s comments can be read in depth here. Do you agree with the calls for calls for a Digital Geneva Convention? Let us know what you think by dropping us a comment below!