The Schwartz Report


Microsoft: Proposed 'Digital Geneva Convention' Must Neutralize Nation-State Cyberattacks

Microsoft President and Chief Legal Officer Brad Smith's call for a "Digital Geneva Convention" would seek to forge ties with international governments and the tech sector committed to nonproliferation of cyberweapons and to making "the Internet a safer place," with the goal of putting an end to nation-state attacks. Smith proposed the neutral organization, comparable to the International Atomic Energy Agency and its focus on non-proliferation of nuclear weapons, during his Tuesday RSA Conference keynote address.

Smith's "Digital Geneva Convention" would have the scope of a global convention that would, among other things, call on the world's governments to disengage from nation-state attacks against targets in the private sector, pledge to respond to vulnerabilities and put an end to the spread of vulnerabilities by sharing them with appropriate tech providers. Acknowledging the rise of nationalism, the "global technology sector needs to become a trusted and neutral digital Switzerland," Smith told RSAC 2017 attendees.

"We need governments to take the page out of the 1949 Geneva Convention, and other instruments that have followed," Smith continued. "We need an agency that brings together the best of the best and the brightest in the private sector, in academia and public sector. We need an agency that has the international credibility to not only observe what is happening but to call into question and even identify attackers when nation-state attacks will happen."

Smith emphasized that this organization must be global and neutral. This would help ensure that the group would focus on providing 100 percent defense and would not support offense-based counterattacks. Technology providers must also make clear that they will assist and protect all customers irrespective of the country they're from and commit to refusing to aid government-sponsored attacks on customers.

"These two principles have been at the heart and soul of what we've been doing. We need to stay on that path," he said. "We need to make the case to the world that the world needs to retain its trust in technology. And regardless of a government's politics, or policies or individual issues at any moment in time, we need to persuade every government that it needs a national and global IT infrastructure that it can trust."

In his remarks, echoed in a blog post, Smith emphasized that the Internet is based on infrastructure provided by private companies, which makes them the "first-responders" to nation-state attacks and gives them a responsibility to commit resources accordingly. Smith gave a plug to Microsoft's own efforts, which include the $1 billion per year it spends on security, last year's release of Advanced Threat Protection for Exchange Online, which identifies malware and suspicious patterns within the content of messages, and, more recently, the addition of Office 365 Threat Intelligence. Smith also mentioned Microsoft's new Office 365 Secure Score, a tool launched last week that helps administrators assess risk factors.

Where this will go remains to be seen, but Smith's choice to use his opening keynote of RSAC 17 as the podium to propose this "Digital Geneva Convention" suggests he wanted it to be heard. RSAC is the largest gathering of information security professionals, policy makers and law enforcement officials and is perhaps the most viable vehicle to get talks started. It will require a strong show of force and a willingness of governments with conflicting interests to come together, which, of course, is no easy task. However, despite the obstacles, there's too much at stake to remain idle.

Posted by Jeffrey Schwartz on 02/15/2017 at 12:36 PM

