Microsoft said Tuesday a digital Geneva Convention for cybersecurity is long overdue to task governments to protect civilians from nation-state cyberattacks in times of peace. “The time has arrived to call on the world’s governments to implement international rules to protect the civilian use of the internet,” said Brad Smith, President and Chief Legal Officer at Microsoft in a blog post on the company’s website.
The tech company draws a parallel between the role of the Red Cross as first responders in times of crisis, and tech firms as digital first responders who should commit themselves to a collective action to “make the internet a safer place.”
A cyber-attack by one nation-state is met initially not by a response from another nation-state, but by private citizens. “And as the private citizens thrust into this challenge, the question for all of us in the tech sector is what we will do to address it?” asked Smith.
Microsoft Outlines the Following as a Way Forward:
[Just as the United States and China overcame mutual challenges and made important progress in 2015 to ban intellectual property cyber-theft, the United States and Russia can hammer out a future agreement to ban the nation-state hacking of all the civilian aspects of our economic and political infrastructures.
Governments around the world should pursue a broader multilateral agreement that affirms recent cybersecurity norms as global rules. Just as the world’s governments came together in 1949 to adopt the Fourth Geneva Convention to protect civilians in times of war, we need a Digital Geneva Convention that will commit governments to implement the norms that have been developed to protect civilians on the internet in times of peace.
A Digital Geneva Convention needs to create an independent organization that spans the public and private sectors. Specifically, the world needs an independent organization that can investigate and share publicly the evidence that attributes nation-state attacks to specific countries.]
Microsoft emphasized the important role of tech companies in protecting civilians against nation-state attacks:
“We need to start with a clear premise. Even in a world of growing nationalism, when it comes to cybersecurity the global tech sector needs to operate as a neutral Digital Switzerland. We will assist and protect customers everywhere. We will not aid in attacking customers anywhere. We need to retain the world’s trust. And every government regardless of its policies or politics needs a national and global IT infrastructure that it can trust.”