Microsoft President Requests ‘Geneva Convention’ For Cyber Warfare

As governments wage war against cyber criminals, some recognizable figures are calling for the Geneva Convention 2.0.

Microsoft’s President and Chief Legal Officer, Brad Smith, spoke before the United Nations on Thursday in Switzerland, telling the intergovernmental organization that a new document is required to govern nation-state cyber security.

This comes as threats in the cyber sphere grow in potency and complexity, making them difficult to both spot and combat. With an increasing amount of revenue being unwittingly pulled away from companies by these means, scores of documents are also being exposed to the Dark Web.

That is why, Smith says, a new version of the Geneva Convention is needed – substantive articles that set international and humanitarian law as it pertains to cyber security.

Smith has not been shy about growing and festering cyber threats. Last month he accused North Korea of administering the WannaCry ransomware attack – which began in May 2017 and left “crytoworms” on computers operating under Microsoft Windows and demanded bitcoin payments. WannaCry’s effects were widespread: striking the United Kingdom’s National Health Service (NHS), Spain’s Telefónica and Deutsche Bahn, among other institutions.

Smith made his most recent comments as the UN deliberated on internet governance challenges, according to The Register.

The Microsoft president’s prognosis went as far as IoT (Internet of Things) security, which he particularly targeted for its lack of structure.

Smith urged both tech companies and governments to be proactive on this front. These innovative companies, however, should be at the forefront of internet security, he said.

“If you can hack your way into thermostats, you can hack your way into the electric grid,” Smith said in the UN session. In suggesting that companies get out ahead of threats, Smith added, “after all, we built this stuff.”

See related: Public Sector Advancing Cyber Security With Bill, Research

With a combination of legal and technological actions, Microsoft is working to acquire hacked domains responsible for attacks. That number appears to be currently around 75 domains, Smith added. The company also invests heavily – around $1 billion per year – in the security space.

Reasonably shifting gears, Smith also decried the current state of cyber-attacks as they relate to political agendas. “Nation states are making a growing investment in increasingly sophisticated cyber weapons,” he said, before calling for the modernized and digital version of the Geneva Convention.

What would be the parameters of such a document?

In Smith’s opinion, civilian infrastructures (the electric grid, elections) should not be subject to attack by governments. Intellectual property should also be left untouched, the president and CLO suggested.

The president of the multi-billion-dollar-company also called for revisions to media law. Provisions, as they apply to print and broadcast media, should be applied to social media as well, he said.

Smith’s admonishment comes as the U.S. reels from alleged Russian meddling in the 2016 presidential election – via social media propaganda and perpetual leaks of sensitive documents. For his own part, U.S. President Donald Trump recently said during his first state trip to Asia that Russian President Vladimir Putin was offended at the meddling allegations.

See related: State Of The Union: Trends In Cyber Security Law, Policies

Yet, this is not the only instance of cyber-tampering, as made known with alleged attacks from North Korea, damaging the SWIFT banking network and digital currency exchanges. What’s more, the covert Stuxnet campaign allegedly targeted Iranian nuclear weapons capabilities – in an effort typically attributed jointly to the U.S. and Israel.

The Tallinn Manual, written between 2009 and 2012 by 20 experts at the behest of the NATO Cooperative Cyber Defense Centre of Excellence, is a non-binding study on how international law can be applied to web in cyber-attacks. Its structure could lend itself nicely to an intensified reevaluation of cyber laws.

In Smith’s assessment of the current cyber landscape, he said that workers and consumers can do more to prevent cyber-attacks as well. That includes recognizing and avoiding phishing emails.

With Microsoft’s contributions, continued admonishment from influencers like Smith and others, along with fuller visibility, the cyber security community can improve its capabilities by leaps and bounds.

While this naturally occurs over time, Smith’s suggestion appears to be a more expedited process that can assist both those in the enterprise and those in the public sector, combating cyber-crime on a daily basis.