Brad Smith Microsoft

Microsoft President Brad Smith has called for a “Digital Geneva Convention” to protect against nation-backed hacking. He says numerous high-profile attacks in recent years show that standards must be created. Smith has pressed world governments to act to protect customers and citizens around the globe.

In a blog draft published by Reuters, Smith says finding global standards will make it easier to police government activity in a cyber environment. Government-backed cyber attacks have featured prominently in the news in recent years. The U.S. Presidential Election was marred by accusations that the Russian government undermined the Democratic Party.

Emails from the Democrats were disclosed in what U.S. Intelligence says was a state-led attack. Smith says civilians must be protected in cyberspace, and a Digital Geneva Convention will provide the stimulus to governments:

“Just as the world’s governments came together in 1949 to adopt the Fourth Geneva Convention to protect civilians in times of war, we need a Digital Geneva Convention that will commit governments to implement the norms needed to protect civilians on the internet in times of peace.”

Smith is speaking on Tuesday at the RSA cybersecurity conference. He is expected to discuss the Digital Geneva Convention plan at the event in San Francisco.

State-backed cyber-attacks are not a new development. However, as cybercrime techniques have improved, governments have increased their activity. Attacks range from information hacks, to legitimate disruption of infrastructure. Actually pinning such attacks positively on a country is hard, but the US has repeatedly accused both Russia and China of such attacks.

Not that the US does not engage in cyberattacks. The United States and China signed a bilateral agreement in 2015 to stop hacking companies to steal intellectual property.

Digital Geneva Convention

Smith’s plans for a Digital Geneva Convention would expand this concept of countries agreeing to stop attacks. Instead of a simple agreement, it would create an international standard that must be adhered to.

An independent group would be needed to investigate and disclose breaches of the convention. Smith compared this potential organization to the International Atomic Energy Agency, which deters use of nuclear weapons.

“Even in a world of growing nationalism, when it comes to cybersecurity the global tech sector needs to operate as a neutral Digital Switzerland,” Smith says.