Microsoft: Security Industry Must Be 'Neutral Digital Switzerland'

The security industry must declare itself a neutral party in cyber attacks between nation states, Microsoft President, Brad Smith, said at the RSA Conference. "Even in an age of ascension nationalism, we demand to become a trusted and neutral digital Switzerland," Smith told the audience, making an oblique reference to the rising of nationalist political movements in the US and Europe.

RSA 2022 Bug Art "As a global tech sector, nosotros need to come together and sign our own pledge in conjunction with the earth's states," said Smith. "Nosotros volition protect customers, focus on defence, collaborate with each other, and we will provide patches to all customers everywhere regardless of the attacks they face, and we will do our office to address the earth's needs.

"We volition not aid in attacking customers anywhere," he added.

Smith likewise urged attendees to phone call on governments to adopt a treaty or pledge that would enshrine the rights and safety of civilians during a cyber assault. Civilian infrastructure, including noncombatant governmental systems, should exist off limits, he said, pointing to the 1949 Geneva Convention, which outlines how nations must treat civilians in times of war.

A new convention on cyber attacks from nation states must focus on preventing attacks confronting civilians in times of peace. He pointed to the US and China, which under the Obama assistants—to cool rising tensions between the ii countries—agreed to non partake in certain behaviors as part of cyber operations. President Trump should do the same with Russia, Smith said.

This point is clearly a nod to the allegations that Russian intelligence elements hacked computers owned by the Democratic National Commission and used the information, along with misinformation, to undermine the 2022 U.s. presidential election. Smith also said governments should agree not to stockpile vulnerabilities that could be used in attacks.

Lastly, Smith called for the creation of a new group to monitor cyber-attack action. "What the globe needs is a new independent organization, like IAEA," he said, referring to the International Diminutive Energy Bureau. The organization Smith outlined would provide an impartial assessment of cyber attacks and identify nation-state attackers, which would give its judgement greater authority on the world stage.

Smith'southward business concern is rooted in the rapid expansion of cyber attacks, both in telescopic and severity. "We've seen cyber attacks move from enthusiast to fiscal thieves to nations around the globe," said Smith. Taking strong positions on issues of national interest is nothing new for Smith, who last year used his keynote presentation to call on the security industry to stand with Apple in its example against the FBI.

As warfare moves into net, Smith observed that this creates new problems not seen in other theaters of conflict, like oceans or airspace. For one thing, cyberspace exists everywhere, between computers, servers, and phones carried past simply about every living human existence. Cyberspace is also, Smith pointed out, privately endemic.

"When it comes to these attacks, we are the plane of boxing and the world'due south first responders instead of nation country attacks being met past other nation states, they are beingness met by us," Smith told RSA attendees, most of which are members of the security manufacture.

Smith described the Sony Pictures Amusement hack, allegedly carried out by North Korea in response to the movie The Interview, as a major turning bespeak in cyber attacks from nation states. Information technology was, he said, not about attacking a government but rather, "attacking a private company over freedom of expression over, as it turned out, not a very popular movie."

Smith also highlighted the importance of the immigrant community in the technology industry, a reference to President Trump's controversial travel ban targeted at seven majority Muslim countries.

In recent years, the RSA Conference has go if not political, then at least more policy focused. Previous speakers have included, Defense Secretary Ashton Carter, embattled FBI manager James Comey, and former Attorney General Loretta Lynch, who used her time at the conference to defend the DOJ's position that Apple tree should grant investigators access to an iPhone owned by one of the San Bernardino shooters.