Microsoft president Brad Smith appeared before the UN in Geneva to talk about the role of nation-state actors in the threat landscape. We are witnessing a growing number of nation-state cyber attacks; for this reason, cybersecurity experts and government officials urge the adoption of norms of state behavior in cyberspace.
The risk of escalation and retaliation in cyberspace, together with the increasing number of cyber attacks and ever more sophisticated cyber threats, could have a destabilizing effect on international peace and security. The risk of conflict between states caused by cyber incidents encourages all States to engage in law-abiding, norm-respecting and confidence-building behavior in their use of ICT.
During the UN session on current internet governance challenges, Smith stressed the need to define a cyber equivalent of the Geneva Convention.
“If you can hack your way into a thermostat you can hack your way into the electric grid,” Smith said, adding that the tech sector has the first responsibility for improving internet security because “after all we built this stuff”.
Most of you already know that I was one of the experts of the Cyber G7 group at the Italian Summit that produced the voluntary, non-binding norms of State behavior during peacetime detailed in the G7 DECLARATION ON RESPONSIBLE STATES BEHAVIOR IN CYBERSPACE.
The group was led by Minister Gianfranco Incarnato, and I had the honor and the opportunity to write the declaration along with Prof. Luigi Martino. We presented 12 points intended to promote stability and security in cyberspace.
G7 Ministerial https://t.co/P8JK779BoO – See DECLARATION ON CYBERSPACE
— Gianfranco Incarnato (@GianfrancoIncar) April 11, 2017
The declaration invites all States to collaborate with the aim of reducing risks to international peace, security, and stability.
Well, part of the work wasn’t presented in the final discussion at the G7 summit, and unfortunately the group has ended its mission, but we strongly believe that we took the first steps on the route Smith has in mind, and we will do anything to complete our work.
We are currently trying to give an effective continuation to the work we did at the G7 Summit.
Microsoft is investing significant effort in identifying and profiling threat actors in the wild; the company used its technology to track down malicious infrastructure used by both criminal syndicates and nation-state actors. Smith announced that Microsoft helped customers in 91 countries by seizing 75 domains used by attackers, and that it spends $1bn a year on security innovation.
The attacks against the 2016 US Presidential Election and the attacks against the SWIFT banking network were attributed to APT groups linked to Russia and North Korea, respectively. Both cases demonstrate that the problem of “attribution” is hard to solve without information sharing and collaboration among states.
For this reason, we at the Cyber G7 Group and the Microsoft President believe that there is a shared need for a mandatory set of norms for state behavior in cyberspace.
“Nation states are making a growing investment in increasingly sophisticated cyber weapons,” Smith added. “We need a new digital Geneva Convention.”
“Government should agree not to attack civilian infrastructures, such as the electrical grid or electoral processes,” he said.
Smith highlighted the importance of the role of private companies in conflict: their conduct must be neutral and must ensure the protection of their customers.
But as remarked in several discussions, we are all nodes of a globally connected network, whose security depends on our behavior too.
Smith used phishing to illustrate this concept and to highlight the role of netizens in securing cyberspace.
“90 per cent of attacks begin with someone clicking on an email… We need to protect people from their bad habits,” he added.
(Security Affairs – Digital Geneva Convention, Information Warfare)