Governments should create a "Digital Geneva Convention" that lays out ground rules for defending civilians from cyberattacks, declared Brad Smith, president of Microsoft Corporation, today at the RSA Conference.
"For over two-thirds of a century, the world's governments have been committed to protecting civilians in times of war, but when it comes to cyberattacks, nation-state hacking has evolved into attacks on civilians in times of peace," Smith lamented during a morning keynote address.
"What we need now is a 'Digital Geneva Convention,'" Smith continued. "We need a convention that will call on the world's governments to pledge that they will not engage in cyberattacks on the private sector. That they will not target civilian infrastructure, whether it's of the electrical or the economic or the political variety. We need governments to pledge that instead they will work with the private sector to respond to vulnerabilities. That they will not stockpile vulnerabilities and they will take additional measures..."
Smith cited several strong building blocks for such a convention, including the United Nations' 2015 formation of a Group of Governmental Experts, which recommended a set of international norms for behavior in cyberspace, as well as the 2015 negotiations between the U.S. and China designed to curb the cybertheft of private intellectual property. He also noted that 2017 brings "an opportunity for a new president in the United States to sit across the table with the president from Russia and take another step forward to address the attacks that concern the world," alluding to Russia's widely reported cyber interference in the 2016 U.S. presidential election.
Smith envisioned that a "Digital Geneva Convention" could work toward forming a new world organization, modeled after the International Atomic Energy Agency, that unites the greatest cyber minds in the public and private sectors to not only monitor global cyber activity but also identify and call out nation-state attackers.