Speaking at the RSA Conference in San Francisco on Tuesday, Microsoft President Brad Smith outlined a proposed Digital "Geneva Convention" to set standards for protecting civilians from cyberattacks by nation-states.
Smith also argued that security vendors should separately commit not to assist nation-states in their attacks.
The situation worsened in one additional and important way: "For two-thirds of a century, since 1949, the world's nations have recognized through the Fourth Geneva Convention that they need to adhere to rules that protect civilians in times of war". Many of these cyberattacks are conducted by nation-states, but aimed at private companies.
Smith highlighted potential clauses such as refraining from attacks on the private sector or critical infrastructure, and from the theft of intellectual property. Smith noted that 74 percent of businesses expect to be hacked this year, and the estimated loss from cybercrime will be US$3 trillion by 2020.
Smith also said the solution will require the technology industry as a whole to act fairly and impartially in order to "retain the world's trust" and not be seen as extensions of governments with agendas.
"This organization should consist of technical experts from across governments, the private sector, academia and civil society with the capability to examine specific attacks and share the evidence showing that a given attack was by a specific nation-state. Instead of nation-state attacks being met by responses from other nation states, they're being met by us". A similar accord was signed by members of the G20 several months later. Some of these cyberattacks included the 2014 Sony Pictures hack that U.S. officials linked to North Korea as well as the 2016 hacks on the Democratic National Committee and the Hillary Clinton presidential campaign that the U.S. intelligence community has tied to the Russian Federation. Last October, the White House accused Moscow of orchestrating cyberattacks against the DNC and Democratic officials in an attempt to meddle in the presidential elections.
"Even in a world of growing nationalism, when it comes to cybersecurity the global tech sector needs to operate as a neutral Digital Switzerland", Smith said.
Repeatedly, he called for the tech industry to be "a neutral digital Switzerland upon which everyone can rely". "We will protect customers, focus on defense, collaborate with each other, and we will provide patches to all customers everywhere regardless of the attacks they face, and we will do our part to address the world's needs".
"We suddenly find ourselves living in a world where nothing seems off limits to nation-state attacks". "We are going to need to do more, and we are going to need to do more together if we're going to address this problem effectively". Despite a rise in attacks on governments, infrastructure and political institutions, few worldwide agreements now exist governing acceptable use of nation-state cyber attacks.