By Brian Donohue
SAN FRANCISCO—In a keynote address at the 2017 RSA Conference, Microsoft President Brad Smith called for the creation of “a trusted and neutral digital Switzerland” in an effort to combat the influx of state-sponsored actors and attacks.
Alternatively calling his plan a “Digital Geneva Convention,” Smith leaned heavily on the familiar war metaphor in explaining that the Internet and computer networks are “the new battlefield,” one that is fundamentally different than the physical battlefields of old. For one, he said, the private sector is the front line, and therefore, nation-states aren’t met in battle by other nation-states but instead by private companies and civilians. And on that last point, Smith highlighted the second major and fundamental difference: While the governments have made great strides in attempting to diminish civilian casualties in war, examples of what we call cyberwar are often directed squarely at civilians.
Casting aside the grim reality that, historically speaking, civilians are almost always the primary and most plentiful victims of war, Smith’s said critical infrastructure systems, public utilities, and private organizations are not military targets, and that the attacks on them often disproportionately impact civilians.
Thus, to combat this brave new world of increases in the number of attacks and in the number of groups with the intent and the capacity to carry them out, the world needs a new global, independent agency to monitor cyberattacks and hold attackers accountable. Now, he said, is the time to call on governments to protect citizens on the Internet both in times of peace and war.
This agency, Smith said, would be the result of a digital Geneva Convention, an agreement that would call on governments to pledge that they will not target civilians with cyber attacks against critical infrastructure and public utilities. It would include every government, regardless of its policies and politics, and it would require that technology providers pledge to protect customers everywhere, promise never to attack or intentionally weaken the defenses of end-users, and that everyone, governments and private companies alike, stop hoarding zero-days for offensive use.
Ultimately Smith argued that the world may be losing its trust in technology, and that the industry and governments of the world must come together to combat this problem by building a neutral, digital Switzerland that the world can trust, even in an age of nationalism.
Brian Donohue is a technology journalist and security analyst at Booze Allen’s Cyber4Sight.
Image: Thomas Cloer, CC By-Sa license.