Tech firms, including Microsoft, Facebook, vow not to aid government cyber attacks

Silhouettes of mobile users are seen next to a screen projection of Microsoft logo in this picture illustration taken March 28, 2018. REUTERS/Dado Ruvic/Illustration

By Dustin Volz

SAN FRANCISCO (Reuters) – Microsoft, Facebook and more than 30 other global technology companies on Tuesday announced a joint pledge not to assist any government in offensive cyber attacks.

The Cybersecurity Tech Accord, which vows to protect all customers from attacks regardless of geopolitical or criminal motive, follows a year that witnessed an unprecedented level of destructive cyber attacks, including the global WannaCry worm and the devastating NotPetya attack.

“The devastating attacks from the past year demonstrate that cyber security is not just about what any single company can do but also about what we can all do together,” Microsoft President Brad Smith said in a statement. “This tech sector accord will help us take a principled path toward more effective steps to work together and defend customers around the world.”

Smith, who helped lead efforts to organize the accord, was expected to discuss the alliance in a speech on Tuesday at the RSA cyber security conference in San Francisco.

The accord also promised to establish new formal and informal partnerships within the industry and with security researchers to share threats and coordinate vulnerability disclosures.

The pledge builds on an idea for a so-called Digital Geneva Convention that Smith rolled out at last year’s RSA conference, a proposal to create an international body to protect civilians from state-sponsored hacking.

Countries, Smith said then, should develop global rules for cyber attacks similar to those established for armed conflict at the 1949 Geneva Convention that followed World War Two.

In addition to Microsoft and Facebook, 32 other companies signed the pledge, including Cisco, Juniper Networks, Oracle, Nokia, SAP, Dell and cyber security firms Symantec, FireEye and Trend Micro.

The list of companies does not include any from Russia, China, Iran or North Korea, widely viewed as the most active in launching destructive cyber attacks against their foes.

Major U.S. technology companies Amazon, Apple, Alphabet and Twitter also did not sign the pledge.

(Reporting by Dustin Volz; Editing by Dan Grebler)

‘Digital Geneva Convention’ needed to deter nation-state hacking: Microsoft president

By Dustin Volz

SAN FRANCISCO (Reuters) – Microsoft President Brad Smith on Tuesday pressed the world’s governments to form an international body to protect civilians from state-sponsored hacking, saying recent high-profile attacks showed a need for global norms to police government activity in cyberspace.

Countries need to develop and abide by global rules for cyber attacks similar to those established for armed conflict at the 1949 Geneva Convention that followed World War Two, Smith said. Technology companies, he added, need to preserve trust and stability online by pledging neutrality in cyber conflict.

“We need a Digital Geneva Convention that will commit governments to implement the norms needed to protect civilians on the internet in times of peace,” Smith said in a blog post.

Smith outlined his proposal during keynote remarks at this week’s RSA cybersecurity conference in San Francisco, following a 2016 U.S. presidential election marred by the hacking and disclosure of Democratic Party emails that U.S. intelligence agencies concluded were carried out by Russia in order to help Republican Donald Trump win.

Cyber attacks have increasingly been used in recent years by governments to achieve foreign policy or national security objectives, sometimes in direct support of traditional battlefield operations. Despite a rise in attacks on governments, infrastructure and political institutions, few international agreements currently exist governing acceptable use of nation-state cyber attacks.

The United States and China signed a bilateral pledge in 2015 to refrain from hacking companies in order to steal intellectual property. A similar deal was forged months later among the Group of 20 nations.

Smith said President Donald Trump has an opportunity to build on those agreements by sitting down with Russian President Vladimir Putin to “hammer out a future agreement to ban the nation-state hacking of all the civilian aspects of our economic and political infrastructures.”

A Digital Geneva Convention would benefit from the creation of an independent organization to investigate and publicly disclose evidence that attributes nation-state attacks to specific countries, Smith said in his blog post.

Smith likened such an organization, which would include technical experts from governments and the private sector, to the International Atomic Energy Agency, a watchdog based at the United Nations that works to deter the use of nuclear weapons.

Smith also said the technology sector needed to work collectively and neutrally to protect internet users around the world from cyber attacks, including a pledge not to aid governments in offensive activity and the adoption of a coordinated disclosure process for software and hardware vulnerabilities.

(Reporting by Dustin Volz; Editing by Dan Grebler)