Cyberspace has become our generation’s battlefield, replacing gunfights with hacks, and it’s up to tech companies and governments to come together and combat rampant cyberattacks, Microsoft’s President and Chief Legal Officer Brad Smith said in a speech at the United Nations in Geneva.
Smith talked about how technology, while responsible for great progress, has also driven violence and war throughout history. He pointed to technology-driven after World War I, how people failed to curtail its impact and the role of unchecked tech in World War II.
Battling and policing cyberattacks can be tougher than dealing with traditional attacks because cyber strikes can take hold quietly and spread like wildfire, with anonymous hackers hidden behind layers of obfuscation.
“The reality is that technology in cyberspace is in many respects unfolding as technology always has, on land, on the water and in air, because what are we seeing? We are seeing a new arms race,” Smith said. “We’ve entered a new era of invisible weapons. When we talk about a cyber weapon, it’s not something one can hold in a hand like a gun or look across and see like plane or missile and yet its impact can be profound.”
This year alone, Smith said, the world has witnessed some of the most devastating cyberattacks in history. He mentioned the Wanna Cry attack in May, which which locked down more than 200,000 computers at hospitals, businesses, governments, and more in 150 countries around the world.
That attack in isolation would make 2017 a historic year for cyber warfare. But there were also attempts to influence the presidential election in France, echoing what happened in the U.S. presidential election in 2016, and a widespread attack in Ukraine.
As technology continues to evolve, bringing more systems online, vulnerabilities will only increase.
“Increasingly, we live in a world where If you can hack into a thermostat you may be able to find your way across the electrical grid,” Smith said. “We are entering a world where every thermostat, every electrical heater, every air conditioner, every power plant, every medical device, every hospital, every traffic light, every automobile will be connected to the internet. Think about what it will mean for the world when those devices are the subject of attacks.”
Though there are more targets for hackers, most cyber attacks still begin the same way, Smith claimed. Someone at a computer clicks on a link they shouldn’t, opening a door for hackers to infiltrate the system. Smith noted the importance of working with people to change behavior because “it turns out every organization has at least one employee who will click on anything.”
Smith said Microsoft spends $1 billion annually on security innovations. Microsoft, and fellow tech giants, have a responsibility to act as the first line of defense because “we built the stuff,” and “we see the threats first and we are in position to act quickly.” He recommended that the world’s top tech companies should come together to adopt a common set of best practices to protect people from cyber attacks, the same way medics had common practices on the battlefield.
But tech companies can’t protect and police cyberspace on their own. Smith echoed his previous call for a “digital Geneva Convention” that explicitly governs cyber warfare, the same way the international accords govern conventional war.
“The world needs a new digital Geneva Convention, it needs new rules of the road,” Smith said. “What we need is an approach that governments will adopt, that says they will not attack civilians in times of peace, they will not attack hospitals, they will not attack the electrical grid, they will not attack the political processes of other countries, that they will not use cyber weapons to steal the intellectual property of private companies, that they instead will work together to help each other and the private sector respond when there are cyberattacks.”