Back in February, Microsoft's President and Chief Legal Officer Brad Smith called for a "Digital Geneva Convention", spurred on by the rise in state-sponsored cyber attacks. This week, the executive went on to discuss a recent declaration published by the G7, a group made up of Canada, France, Germany, Italy, Japan, the United Kingdom and the United States.
Detailed in the blog post is the fact that while the declaration is "an encouraging step forward", there are some aspects that could be improved. For example, Smith points out the voluntary nature of the proposed rules and regulations, stating we should instead focus on legally-binding agreements which would ensure measures are in place to prevent "extraordinary damage" in case an attack does occur. This, of course, should not be used by the government to "introduce new limits on content or create exceptions from the protections guaranteed by fundamental human rights".
Specifically, regarding the overall state of cyber attacks, the executive said:
Nation state conflict — which started on the land, moved to the sea and found its way into the air — has moved to cyberspace with governments increasingly using the internet to hack, spy, sabotage and steal. This battle is waged on private property: in the datacenters, cables and servers of private companies like Microsoft, and on the laptops and devices owned by private citizens. And increasingly, private companies and individuals are finding themselves in the crosshairs.
Responsibility, Smith says, is not only on the shoulders of governments, but on tech companies as well, since the latter are often the first line of defense in case of cyber attacks. He says that an idea which resonates throughout the industry is that of never assisting in the attack on customers. In other words, 100% defense, 0% offense.
A final point emphasized is that all the rules in the world won't matter unless the perpetrator is held accountable, regardless if it's nation state or state-sponsored attacker. As such, a proposal for the creation of an independent organization is made, which would preserve and increase the trust in the online environment. As an example, Smith gave the International Atomic Energy Agency (IAEA).
It's no doubt that with the increase in instances of cyber warfare, attacks will become more and more sophisticated, thus putting end users at risk. The creation of an institution and set of rules which would ensure the safety of users and accountability of cyber criminals is a very welcome initiative.