Microsoft President Mark Smith has called for a “Digital Geneva Convention” to establish rules against cyber-attacks aimed at civilians. According to Smith, tech companies should remain neutral in international conflicts.
He was speaking in San Francisco at the RSA conference, one of the biggest cybersecurity events in the world. Smith noted the growth of cybercrime for financial gain and the proliferation of state-sponsored cyber attacks.
A digital Geneva convention would “commit governments to protecting civilians from nation-state attacks in times of peace. We need to make clear that there are certain principles for which we stand, that we will assist and protect customers everywhere. We will not aid in attacking customers anywhere, regardless of the government that may ask us to do so,” Smith said
In a blog at the official Microsoft website, Smith envisaged how the organization would work. According to the blog post, the organization should have a panel of technical experts who can analyze attacks, share information across nations and set up binding rules and guidelines that nations could adopt to for the protection of their citizens.
Among the suggestions Smith makes is the adoption of a collaborative effort to prevent and defend against nation-state cyber-attacks, ending attacks by private companies on behalf of the government, making software patches available and encouraging nations to stop making cyber weapons.
Initial plans to develop International cyber rules were already laid down by the UN in 2015 after they brought in experts from 20 nations to craft rules for nation states aimed at promotion of an open, stable, secure, and peaceful ICT environment. A bilateral agreement signed between the US and China in 2015 was also cited. The agreement sets out the rules surrounding cyber-attacks.
The acknowledgment of cyber security as a global problem by major world leaders including former US president Barack Obama has stressed the importance of developing a unified cyber guidebook to govern behavior in cyberspace. In the event that governments disagree, Smith suggests that tech companies protect their users.
“Just as the Fourth Geneva Convention recognized that the protection of civilians required the active involvement of the Red Cross, protection against nation-state cyber-attacks requires the active assistance of technology companies,” Smith wrote.