Microsoft: Security Industry Must Be 'Neutral Digital Switzerland' Brad Smith says the security industry must become a check against nation-state cyber attacks.

By Max Eddy

This story originally appeared on PCMag

Shutterstock.com

The security industry must declare itself a neutral party in cyber attacks between nation states, Microsoft President Brad Smith said here at the RSA Conference.

"Even in an age of rising nationalism, we need to become a trusted and neutral digital Switzerland," Smith told the audience, making an oblique reference to the rise of nationalist political movements in the U.S. and Europe.

"As a global tech sector, we need to come together and sign our own pledge in conjunction with the world's states," said Smith. "We will protect customers, focus on defense, collaborate with each other and we will provide patches to all customers everywhere regardless of the attacks they face, and we will do our part to address the world's needs.

"We will not aid in attacking customers anywhere," he added.

Smith also urged attendees to call on governments to adopt a treaty or pledge that would enshrine the rights and safety of civilians during a cyber attack. Civilian infrastructure, including civilian governmental systems, should be off limits, he said, pointing to the 1949 Geneva Convention, which outlines how nations must treat civilians in times of war.

A new convention on cyber attacks from nation states must focus on preventing attacks against civilians in times of peace. He pointed to the U.S. and China, which under the Obama administration -- to cool rising tensions between the two countries -- agreed to not partake in certain behaviors as part of cyber operations. President Trump should do the same with Russia, Smith said.

This point is clearly a nod to the allegations that Russian intelligence elements hacked computers owned by the Democratic National Committee and used the information, along with misinformation, to undermine the 2016 U.S. presidential election. Smith also said governments should agree not to stockpile vulnerabilities that could be used in attacks.

Lastly, Smith called for the creation of a new group to monitor cyber-attack activity. "What the world needs is a new independent organization, like IAEA," he said, referring to the International Atomic Energy Agency. The organization Smith outlined would provide an impartial assessment of cyber attacks and identify nation-state attackers, which would give its judgement greater authority on the world stage.

Smith's concern is rooted in the rapid expansion of cyber attacks, both in scope and severity. "We've seen cyber attacks move from enthusiast to financial thieves to nations around the world," said Smith. Taking strong positions on issues of national interest is nothing new for Smith, who last year used his keynote presentation to call on the security industry to stand with Apple in its case against the FBI.

As warfare moves into cyberspace, Smith observed that this creates new problems not seen in other theaters of conflict, like oceans or airspace. For one thing, cyberspace exists everywhere, between computers, servers and phones carried by just about every living human being. Cyberspace is also, Smith pointed out, privately owned.

"When it comes to these attacks, we are the plane of battle and the world's first responders instead of nation state attacks being met by other nation states, they are being met by us," Smith told RSA attendees, most of which are members of the security industry.

Smith described the Sony Pictures Entertainment hack, allegedly carried out by North Korea in response to the film The Interview, as a major turning point in cyber attacks from nation states. It was, he said, not about attacking a government but rather, "attacking a private company over freedom of expression over, as it turned out, not a very popular movie."

Smith also highlighted the importance of the immigrant community in the technology industry, a reference to President Trump's controversial travel ban targeted at seven majority Muslim countries.

In recent years, the RSA Conference has become if not political, then at least more policy focused. Previous speakers have included, Defense Secretary Ashton Carter, embattled FBI director James Comey and former Attorney General Loretta Lynch, who used her time at the conference to defend the DOJ's position that Apple should grant investigators access to an iPhone owned by one of the San Bernardino shooters.

Max Eddy

Software Analyst

Want to be an Entrepreneur Leadership Network contributor? Apply now to join.

Business News

A New Hampshire City Was Named the Hottest Housing Market in the U.S. This Year. Here's the Top 10 for 2024.

Zillow released its annual lists featuring the top housing markets, small towns, coastal cities, and geographic regions. Here's a look at the top real estate markets and towns in 2024.

Business News

'We're Not Allowed to Own Bitcoin': Crypto Price Drops After U.S. Federal Reserve Head Makes Surprising Statement

Fed Chair Jerome Powell's comments on Bitcoin and rate cuts have rattled cryptocurrency investors.

Business Ideas

Is Your Business Healthy? Why Every Entrepreneur Needs To Do These 3 Checkups Every Year

You can't plan for the new year until you complete these checkups.

Business Ideas

63 Small Business Ideas to Start in 2024

We put together a list of the best, most profitable small business ideas for entrepreneurs to pursue in 2024.

Science & Technology

This AI is the Key to Unlocking Explosive Sales Growth in 2025

Tired of the hustle? Discover a free, hidden AI from Google that helped me double sales and triple leads in a month. Learn how this tool can analyze campaigns and uncover insights most marketers miss.