SAN FRANCISCO, Feb 14 (Reuters) - Microsoft President Brad Smith on Tuesday pressed the world’s governments to form an international body to protect against nation-state hacking, saying recent high-profile attacks showed a need for global norms that police government activity in cyberspace.
Smith’s call for a “Digital Geneva Convention” followed a 2016 U.S. presidential election marred by the hacking and disclosure of Democratic Party emails that U.S. intelligence agencies concluded were carried out by Russia in order to help Republican Donald Trump win.
“Just as the world’s governments came together in 1949 to adopt the Fourth Geneva Convention to protect civilians in times of war, we need a Digital Geneva Convention that will commit governments to implement the norms needed to protect civilians on the internet in times of peace,” Smith said in a draft of a blog post seen by Reuters.
Smith was expected to discuss his proposal during keynote remarks on Tuesday at the RSA cybersecurity conference in San Francisco.
Cyber attacks have increasingly been used in recent years by governments to achieve foreign policy or national security objectives, sometimes in direct support of traditional battlefield operations. Despite a rise in attacks on governments, infrastructure and political institutions, few international agreements currently exist governing acceptable use of nation-state cyber attacks.
The United States and China signed a bilateral pledge in 2015 to refrain from hacking companies in order to steal intellectual property. A similar deal was forged months later among the Group of 20 nations.
A Digital Geneva Convention would benefit from the creation of an independent organization to investigate and publicly disclose evidence that attributes nation-state attacks to specific countries, Smith said in his blog post.
Smith likened such an organization, which would include technical experts from governments and the private sector, to the International Atomic Energy Agency, an atomic energy watchdog based at the United Nations that works to deter the use of nuclear weapons.
Smith also said the technology sector needed to work collectively and neutrally to protect internet users around the world from cyber attacks, including a pledge not to aid governments in offensive activity and the adoption of a coordinated disclosure process for software and hardware vulnerabilities.
“Even in a world of growing nationalism, when it comes to cybersecurity the global tech sector needs to operate as a neutral Digital Switzerland,” Smith said.
Reporting by Dustin Volz; Editing by Dan Grebler