Microsoft has called on governments worldwide to agree to a set of rules of engagement for cyber attacks, and for the creation of an overseer to expose nation states that violate them.
Speaking at the RSA Conference in San Francisco, Microsoft president and chief legal officer Brad Smith sought a ‘digital Geneva Convention’ to “protect civilians on the internet in times of peace”.
“Just as the Fourth Geneva Convention has long protected civilians in times of war, we now need a digital Geneva Convention that will commit governments to protecting civilians from nation state attacks in times of peace,” Smith said.
"We … find ourselves living in a world where nothing seems off limits to nation state attacks.
“The reality is that the targets in this new battle – from submarine cables to data centres, servers, laptops and smartphones – in fact are private property owned by civilians.”
Smith argued a multilateral convention was needed to lay some ground rules for cyber engagement.
Specifically, he said, “such a convention should commit governments to avoiding cyber attacks that target the private sector or critical infrastructure or the use of hacking to steal intellectual property”.
“Similarly, it should require that governments assist private sector efforts to detect, contain, respond to and recover from these events, and should mandate that governments report vulnerabilities to vendors rather than stockpile, sell or exploit them,” Smith said.
Smith also called for the establishment of a non-partisan observer, similar to the role played by the International Atomic Energy Agency around nuclear non-proliferation.
“This organisation should … [have] the capability to examine specific attacks and share the evidence showing that a given attack was by a specific nation-state,” he said.
“Only then will nation states know that if they violate the rules, the world will learn about it.”
Smith also argued that security vendors should separately commit not to assist nation states in their attacks.
Ry Crozier attended RSA Conference as a guest of RSA.