- The proliferation of cyberattacks and increasing economic losses from cybercrime has created the need for a "digital Geneva convention," said Brad Smith, president and chief legal officer of Microsoft, speaking Tuesday at RSA in San Francisco.
- Calling cyberspace "the new battlefield," Smith emphasized the need for industry and the world's governments to address cybersecurity and nation-state threats, a problem he said was in need of "new solutions."
- Cyberspace is owned and operated by the private sector, Smith said, creating a new kind of battlefield, unlike the traditional areas of land, sea and air warfare. The problem then arises that nation states are able to launch attacks on civilians in times of peace, necessitating a global response. A "digital Geneva convention" would allow countries to reach an international agreement on how to protect citizens from cyberwarfare, according to Smith.
Thousands converged on San Francisco this week to discuss the current state of cybersecurity, addressing everything from new attack mitigation tools to the rise of nation state actors. No matter the topic, experts emphasized the need to do more to protect organizations across sectors.
Malicious actors, nation state or otherwise, do not follow legal restrictions on cyberattacks. Rather, they operate in an agile way, looking to take down targets in pursuit of their goal, disregarding potential ramifications. But as cybercrime has become more advanced, nation state actors have targeted private companies for more than just financial gain.
Smith wants to establish a way for countries around the world to respond in a diplomatic way, creating an international agreement that would set standards and boundaries for cyberwarfare. The hope is to better protect citizens caught in the crosshairs of countries seeking revenge or the embarrassment of opponents. However, creating an international agreement is a lofty goal. To change the international attitude toward cybersecurity, governments would have to start discussing a more global and digital IT infrastructure.
Though there are some cross-border information sharing measures in place, privacy concerns abound, leading to a stalled framework that struggles to quickly react to threats.