In the wake of last month’s WannaCrypt ransomware cyberattack, Microsoft is upping the ante in their call for a Digital Geneva Convention with their latest marketing video (see below). I, and many others in the technology community, placed the blame for the WannaCrypt cyberattack squarely on the shoulders of the United States intelligence community. To ensure that this type of cyberattack doesn’t occur in the future, Microsoft feels that businesses, consumers, and governments need to come together to combat cyber threats worldwide.

Microsoft is calling on governments to “do their part.”

Shared Responsibility

In Microsoft’s scathing response to the WannaCrypt cyberattack, Brad Smith, President and Chief Legal Officer of Microsoft, had this to say:

The WannaCrypt exploits used in the attack were drawn from the exploits stolen from the National Security Agency, or NSA, in the United States. That theft was publicly reported earlier this year. A month prior, on March 14, Microsoft had released a security update to patch this vulnerability and protect our customers. While this protected newer Windows systems and computers that had enabled Windows Update to apply this latest update, many computers remained unpatched globally. As a result, hospitals, businesses, governments, and computers at homes were affected.

As I stated in my response to the WannaCrypt outbreak, the onus for the cyberattack is that of the US Government. During their efforts to exploit legacy Windows systems for US cyber-intelligence gains, they put the very people and businesses they’re sworn to protect at risk. For this reason, many in the cybersecurity industry, including Microsoft, feel that cybersecurity must become a “shared responsibility” between tech companies, end users, and the governments of the world, including the United States.

The Need

You may be asking yourself, why should the government help private businesses? Doesn’t that go against nearly everything capitalism stands for? Well, it isn’t that simple. As technology becomes more ingrained in our daily lives, and as our technology services, businesses, and even governments continue to rely on one another, this affects us all. As we all become more connected online, we also become more connected as a people. Each major exploit can affect businesses and the people we care about, and more importantly, can affect the global economy. According to Microsoft:

74% of the world’s businesses expect to be hacked within the coming year

The estimated economic loss of cybercrime by 2020 is 3 trillion dollars

Nation-state attacks are increasing at an alarming rate

Cyberattacks, which began in enthusiasts’ basements, quickly moved on to those seeking financial gain, and now to countries attacking businesses and one another. Nations hacking or spying on other nations is nothing new, as during the Cold War it was all but expected, but with the wide expansion of technology and the internet, the attacks are ramping up greatly and causing more and more damage, especially when nations attack corporations. Recent examples:

A recently leaked overview of Russia’s “Spearphishing campaign” on the 2016 US election.

The Plan

Of course, this isn’t the first time Microsoft has lambasted the US government for their exploits of Windows software, nor is it the first time Brad Smith has spoken of the issue. Mr. Smith presented the idea for a Digital Geneva Convention at the 2017 RSA Conference in February of this year. During his presentation, he portrayed the governments of the world as striving to protect civilians in times of war while having no qualms about attacking civilians in times of peace when they have something to gain.

Microsoft VP and Chief Legal Officer speaks at the 2017 RSA Conference

With the Digital Geneva Convention, Microsoft is asking the governments and technology companies of the world to commit to:

Avoid attacking citizens, the private sector and critical infrastructure

Report vulnerabilities rather than stockpile, sell or exploit them

Pledge to aid in the containment and recovery from cyber attacks

Create a trusted national and global IT infrastructure

End Goals

Microsoft feels that data, and the sharing of data, is the key to cybersecurity defense. As an example of the types of data, Microsoft stated that it captures more than 1 trillion endpoint data points each day and scans 200 billion emails per month for malware, and they feel that data is the key to combating cyberthreats.

A global and independent organization for protecting cyberspace.

Microsoft feels that an independent global agency similar to the overwhelmingly successful International Atomic Energy Agency and the International Committee of the Red Cross can be formed by those from the private sector, public sector and academia to help protect everyone from cybersecurity threats. They also feel that everyone in the tech sector will need to do their part by trusting one another and by sharing data and information to help protect customers and end users. The overall goal is to have the tech sector play “100% defense, and 0% offense” to retain the world’s trust in technology.

Those in the tech sector can begin coordination now.

Microsoft’s overall goal is to create a trusted “Digital Switzerland” where nations and companies around the world work together to protect their citizens and businesses from those who seek to do them harm.

Feasibility

While I applaud Microsoft and other tech companies for their outcries, I am not sure if a Digital Geneva Convention is possible as long as the governments of the world feel that they need an upper hand on their adversaries in the intelligence gathering game. However, Microsoft points to recent developments that they feel give hope to the cause:

If Microsoft and the rest of the technology industry continue to band together, they may be able to force the hands of the governments of the world, as every government relies on the services these tech giants are providing. Hopefully, sooner rather than later, we can all have the “mutual understanding and respect” for one another that Microsoft and other tech giants are calling for. Until that time, you can still do your part.