Microsoft's president Brad Smith is now calling for the foundation of an international body similar to the Geneva Convention that will protect civilians from the emerging spate of cyberattacks perpetuated by nation states.
Digital Geneva Convention
According to Smith, the urgency of the situation should be highlighted by the way the global economy will lose $3 trillion by 2020 to cyberattacks.
Cybercrime is also spilling over other sectors such as national security and free expression. Military espionage, data breach in U.S. federal institutions, and the North Korean Sony hack are chilling examples that demonstrate how attacks are no longer confined to acts with goals to extract financial gains. Smith also noted how last year's U.S. presidential election has been targeted by foreign government hacking.
Citing that private cybersecurity initiatives are no longer enough, Smith is calling world governments to begin drafting a Digital Geneva Convention. As part of the immediate measures of protecting civilians, he wants the Red Cross and technology companies to share their respective responsibilities as well especially in addressing the aftermath of an attack.
Digital Switzerland
In Smith's proposal, technology companies have been likened to first responders, being the stakeholders in the position to immediately tackle cyberattacks.
"Last year MSTIC identified an attack pattern that led to a group associated with a nation-state that had registered internet domains using names that included Microsoft and other companies' trademarks," Smith touted Microsoft's experience. "We went to federal court, obtained court orders and successfully sought appointment of a Special Master to oversee and expedite additional motions in our case."
The proposed role is analogous to that of Switzerland, which is neutral in times of conflict. This is supposed to be necessary to ensure that the sector can help keep the internet safe while holding the world's trust in the process.
Terms Of Engagement
Interestingly, Smith's proposal seems to outline how nations should behave as they go about their attacks or what some would say the terms of engagement. He has outlined six frameworks where his so-called Digital Geneva Convention will be built on.
These include the exercise of restraint in the use of cyber weapons and the rule against targeting tech companies, private sector, and critical infrastructure. Smith seems bent on having this group accorded the status similar to the "protected persons" in times of war under the Fourth Geneva Convention.
While there was a call to limit offensive operation, Smith did not task the convention to outlaw cyberattacks. There was also no word if it can serve as a basis to put individuals or states on trial for crimes against humanity or specific war crimes.
There was only the proposal for the creation of a dedicated agency similar to the Atomic Energy Agency that will investigate attacks and attribute them to specific nation-state.