Microsoft president Brad Smith has called on governments and technology companies to pledge to protect citizens against cyberattacks (Reuters/Francois Lenoir)

Microsoft's president and chief legal officer is urging governments to create an international body designed to protect citizens from state-sponsored cybercrime. In a keynote at the RSA Conference 2017 in San Francisco on Tuesday (14 February), Brad Smith said it is time for governments to implement international rules and norms to protect civilians on the internet.

"Let's face it, cyberspace is the new battlefield," Smith said.

He called for a "digital Geneva Convention" similar to the 1949 Geneva Convention, adopted after the Second World War, that established international standards to protect citizens during wartime.

"For over two-thirds of a century, the world's governments have been protecting civilians in times of war," Smith said. "But when it comes to cyberattacks, nation-state hacking has evolved into attacks on civilians in times of peace.

"This is not the world that the Internet's inventors envisioned a quarter of a century ago, but it is the world that we inhabit today."

Smith said such a convention should have governments pledge to avoid cyberattacks that target the private sector or critical infrastructure, and to avoid using hacking methods to steal intellectual property. He added that governments should be required to assist the private sector's efforts to "detect, contain, respond to and recover from" such attacks.

Around 74% of the world's businesses expect to be hacked every year, Smith wrote in a blog post, noting that the cost of cybercrime is expected to reach an estimated $3tn (£2.41tn) by 2020.

He said the world needs an independent international agency that "can investigate and share publicly the evidence that attributes nation-state attacks to specific countries."

"While there is no perfect analogy, the world needs an organization that can address cyber threats in a manner like the role played by the International Atomic Energy Agency in the field of nuclear non-proliferation," Smith said.

"This organization should consist of technical experts from across governments, the private sector, academia and civil society with the capability to examine specific attacks and share the evidence showing that a given attack was by a specific nation-state. Only then will nation-states know that if they violate the rules, the world will learn about it."

In 2015, the United States and China signed a bilateral pledge to avoid hacking companies to steal intellectual property. Two months later, the Group of 50 adopted a similar deal.

Similarly, the US and Russia can "hammer out a future agreement to ban the nation-state hacking of all the civilian aspects of our economic and political infrastructure," Smith said.

The Microsoft executive's statement comes amid growing concerns over cyberattacks targeting critical infrastructure and government officials, and over alleged attempts to interfere in electoral processes. Last October, the White House accused Moscow of orchestrating cyberattacks against the DNC and Democratic officials in an attempt to meddle in the presidential elections.

Several European countries are also bolstering their cyber defences ahead of their own upcoming elections, in the wake of multiple cyberattacks targeting various ministries and critical infrastructure.

However, Smith emphasised that "even in an age of rising nationalism," the global technology sector must become "a trusted and neutral digital Switzerland" in cyber conflict to better protect the internet and customers around the globe.

"The tech sector plays a unique role as the internet's first responders," Smith wrote in a blog post. "Even in a world of growing nationalism, when it comes to cybersecurity the global tech sector needs to operate as a neutral Digital Switzerland.

"We will assist and protect customers everywhere. We will not aid in attacking customers anywhere. We need to retain the world's trust. And every government regardless of its policies or politics needs a national and global IT infrastructure that it can trust."