In his keynote presentation at RSA Conference in San Francisco on April 17 2018, Brad Smith, President at Microsoft, told the audience that it is the industry’s responsibility to push the governments of the world towards a new digital Geneva Convention.
He outlined six commitments that would make up a Digital Geneva Convention:
- No targeting of tech companies, private sector or critical infrastructure
- Assist private sector efforts to detect, contain, respond to and recover from events
- Limit offensive operation to avoid a mass event
- Exercise restraint in developing cyber weapons
- Commit to nonproliferation of activities for cyberweapons
- Report vulnerabilities to vendors rather than stockpile or sell them
“Cyberspace has become the new battlefield,” said Smith, “and the tech sector has the first responsibility. We are the first responders on this new battlefield, and it needs to be a shared responsibility with industry and with customers around the world.”
The most serious cyber-attacks are carried out by nations, said Smith. “We need governments to do more, and we need them to do more work with us so we can do more work for them.”
Brad Smith reflected on 2017 as the year that could have been labelled “Cyber-geddon. It was not the best year, it was a wake-up call that could be dated back to the May 12 (WannaCry) and June 27 (NotPetya)”, the latter of which represented the evolution of intent. This year, the industry should focus not on what it will be hit by, but more on what it can bring to improve the world.”
Smith explained how last year saw governments “attacking civilians in a time of peace. It’s essential that we convey the message to governments of the world that these cyber-attacks are not just attacks on machines, but they endanger people’s lives. We need to open eyes to the impact of these attacks and rally the world to address it.” This, added Smith, is the responsibility the cybersecurity industry has to the world.
Cyberspace has become the new battlefield...and the tech sector is the first responderBrad Smith, President, Microsoft
In December 2017, Governments of the United States, United Kingdom, Canada, Japan, Australia and New Zealand united to attribute the WannaCry attack to North Korea. “This unprecedented step was a sign of progress, but also of the progress that still needs to come,” he argued.
The world needs for security to be truly put first, said Smith. “We have found a new way of working that does this, and that needs to be our goal as an industry. We have to look beyond technology itself to truly put security first, which is why Microsoft launched its Defend Democracy project.
“There is so much expertise and important work happening in the industry, but we need to work together in a principled manner.”
This morning, it was announced that 34 technology companies have come together to stand up for cybersecurity with a global tech sector accord. The mission, Smith explained, is to:
- Protect all of our users and customers everywhere
- Oppose all cyberattacks on innocent citizens and enterprises
- Provide tools and information to help the community protect themselves
- Deepen co-operation and information sharing between companies
You can read more about the tech sector accord here.