Microsoft calls for shielding civilians from cyber attacks
SEATTLE — Microsoft is calling for a digital Geneva Convention to outline protections for civilians and companies from government-sponsored cyberattacks.
In comments Tuesday at the RSA security industry conference in San Francisco, Microsoft President and Chief Legal Officer Brad Smith said the rising trend of government entities wielding the internet as a weapon is worrying.
Cyberattacks — from profit-seeking theft of credit-card data to statesponsored attacks aimed at influencing national politics — are a growing concern for technology companies and their customers.
“We suddenly find ourselves living in a world where nothing seems off-limits to nation-state attacks,” he said.
Warfare in cyberspace, Smith said, often targets noncombatants, aiming at data centers, laptops, and software owned by companies and civilians.
Smith cited the high-profile hack of Sony, said to be perpetrated by North Korea, as well as attacks last year aimed at “the democratic process itself,” a reference to hacking in the U.S. presidential election.
He called for governments to come together and outline a set of new rules for behavior in cyberspace to protect civilians on the internet, akin to the protections for civilians in times of war outlined by the Geneva Conventions.
A new international regulatory regime, Smith said, should include an independent organization that can investigate and share evidence that attributes nation-state attacks to specific countries, playing a role similar to that of the International Atomic Energy Agency in nuclear nonproliferation.
That organization, Smith said, should investigate and share publicly the evidence that ties specific nations to attacks.
Microsoft, based outside Seattle, itself has been reluctant at times to identify the source of state-sponsored attacks on its own services.