Microsoft president Brad Smith has called for a “Digital Geneva Convention” designed to prevent businesses and consumers from falling victim to cyberattacks by state actors. He is hoping that international diplomacy will stem the tide of hacks that have cost businesses millions of dollars and placed consumers’ personal information at risk of theft. Much as the Geneva Convention aimed to protect civilians from the horrors of conventional warfare, Smith hopes that an international accord could do the same for cyber warfare.
In his address at the RSA Security Conference, he hopes that all nations will be able to reach an agreement that forbids state actors from:
- Targeting tech firms, private companies, or critical infrastructure
- Failing to assist in recovering from attacks
- Exploiting other nations’ network vulnerabilities instead of exploiting them
- Proliferating cyber weapons and failing to control their development
- Engaging in offensive operations
Individual nations have previously agreed to limit their cyber activity. In 2015, China and the U.S. signed a bilateral agreement to not engage in or support corporate espionage after American businesses complained that the Chinese government helped steal trade secrets. As a result, U.S. government sources and security experts have observed a decrease in the number of such attacks. Members of the G20 recently signed a similar deal.
Should more nations heed Smith’s call, an agreement limiting attacks will help ensure consumer safety in the digital marketplace. Consumers who have personal information such as social security and credit card numbers registered to companies will be safer if these companies are less likely to suffer a data breach. They will have less need to worry about monetary or identity theft. Beyond privacy, protecting consumers from critical infrastructure attacks, such as Russia’s reported disabling of Ukrainian power grids, has the potential to save lives and prevent property damage.
Reaching an agreement may prove difficult as nations have differing security priorities. Countries like North Korea use cyberattacks as a means to protect their international image and hacked Sony Pictures in retaliation for releasing a movie about assassinating Kim Jong Un. Reaching a “Digital Geneva Convention,” despite the challenge, may prove vital, even necessary, to protecting the world’s cyber future.
Read more at the MIT Technology Review.