Microsoft seeks 'rules of engagement' for state-sponsored attacks

By

Calls for overseer to shame violators.

Microsoft has called on governments worldwide to agree to a set of rules of engagement for cyber attacks, and for the creation of an overseer to expose nation states that violate them.

Microsoft seeks 'rules of engagement' for state-sponsored attacks

Speaking at the RSA Conference in San Francisco, Microsoft president and chief legal officer Brad Smith sought a ‘digital Geneva Convention’ to “protect civilians on the internet in times of peace".

“Just as the Fourth Geneva Convention has long protected civilians in times of war, we now need a digital Geneva Convention that will commit governments to protecting civilians from nation state attacks in times of peace,” Smith said.

"We … find ourselves living in a world where nothing seems off limits to nation state attacks.

“The reality is that the targets in this new battle – from submarine cables to data centres, servers, laptops and smartphones – in fact are private property owned by civilians."

Smith argued a multilateral convention was needed to lay some ground rules for cyber engagement.

Specifically, he said, “such a convention should commit governments to avoiding cyber attacks that target the private sector or critical infrastructure or the use of hacking to steal intellectual property".

“Similarly, it should require that governments assist private sector efforts to detect, contain, respond to and recover from these events, and should mandate that governments report vulnerabilities to vendors rather than stockpile, sell or exploit them,” Smith said.

Smith also called for the establishment of a non-partisan observer, similar to that of the role played by the International Atomic Energy Agency around nuclear non-proliferation. 

“This organisation should … [have] the capability to examine specific attacks and share the evidence showing that a given attack was by a specific nation-state,” he said.

“Only then will nation states know that if they violate the rules, the world will learn about it.”

Smith also argued that security vendors should separately commit not to assist nation states in their attacks.

Ry Crozier attended RSA Conference as a guest of RSA.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
attackengagementgovernmentmicrosoftnation staterulessecurity

Sponsored Whitepapers

See everything. Do more.
See everything. Do more.
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Diamond IT Delivers GRC Transformation with Microsoft Purview
Diamond IT Delivers GRC Transformation with Microsoft Purview
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy

Events

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers
Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies
Victoria's Secret pulls down website amid security incident

Victoria's Secret pulls down website amid security incident
Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?