We need a Digital Geneva Convention

The invention of the internet brought along a problem, a problem that could destroy the vision of its creators, a problem that would disrupt the world and even threaten democracy. If you have not guessed it yet, that problem is hacking. With hackers getting bolder and smarter with each passing day, there seems to be no visible end to this web based terror.

Cyber crime has been on the rise since the past decade and even more so in the last 3 years. According to ISACA, breach of cyber security due to hacking has rose by almost 400% in the last 3 years. Although hacking has been a concern for a long time, what changed in the last five years was the rise of state sponsored hacking. The initial attacks were on government institutions but then focus was shifted to where it hurts the most, the heart of any country’s economy, its business.

Some countries have always been aggressive in their efforts to modernize their armies and improve their armed capabilities as a whole and cyber warfare is no exception. This new front of battle is important and they know it. All of the world’s superpowers have been hastily pouring money to increase their cyber capabilities and the result is a world that has learnt to fear the web.

To protect civilians in times of war, the fourth Geneva Convention played a big role and Microsoft believes that a digital Geneva Convention may just be the right place to start. At the RSA convention held this year Microsoft pitched for a Digital Geneva convention to protect civilians from cyber attacks.

Countries have indulged in cyber warfare from almost a decade. The U.S almost destroyed Iran’s nuclear plans with the stuxtnet virus. The attack on the U.S in 2008 and most recently the attack on Georgia by Russia are all examples for this. What changed recently was that state sponsored hackers were now targeting private companies too and in the course of this, they were affecting millions of civilians who had nothing to do with it. The attack on Ukraine power grid is a fine example and also the U.S cyber attack on Syria took out the power supply of the whole country for a day.

The cyberspace is a front that does not physically exist and this complicates things. It is not owned or maintained by the government and mostly private tech companies are responsible for it and its security is costing them a lot. According to a report by Gartner the annual spending on cyber security of 2016 alone was over $80 billion and is estimated to exceed $1 trillion by 2021. The damages will cost $6 trillion by 2021. This is out of an ordinary civilians pocket like you and me and there is really very little we can do about it.

“Cyberspace is owned and operated by the private sector. It is private property, whether it's submarine cables or datacenters or servers or laptops or smartphones. It is a different kind of battlefield than the world has seen before”
-Brad Smith

Brad Smith, Microsoft’s president and chief legal officer said that when it came to cyber attacks, state sponsored hacking has evolved into attacks on civilians in times for peace. He argues that this can only be curbed by bringing together the global cyber superpowers and hammer out a deal to protect civilians from cyber attacks.

The U.S and China made a similar deal recently. The Obama administration had started working on guidelines for cyber warfare but we are yet to see a result of it. Smith argued that the governments should take a page out of the 1949 Geneva Convention and create an agency to keep state sponsored hacking in check, just like the International Red Cross society which protects civilians in times of war.

The problem begins with the fact that even if it is the governments that are competing with each other, the tech industry bears the brunt of the attacks as they are the first responders. Mind you, the U.S government doesn’t roll out security patches after a major attack but the private companies do. They spend billions on cyber security while the governments spend more or less the same on offensive cyber capabilities.

Smith said that to tackle this, the world’s governments and tech companies must come together and collaborate to bring out a change. They must collaborate across the world to stop state sponsored hacking on civilian targets.

“We are going to be most effective as an industry if we embrace collaboration and openness to develop the best tools to combat these threats and resist efforts to keep threat information proprietary and hidden,” said Alex Stamos, Facebook’s head of security.

To tackle this and come out unscathed, the tech industry must come together and share information across the industry to collaborate and fight this threat. They have to pledge themselves to only use their capabilities to protect people regardless of what the government tells them to do. There should more openness among the companies and more sharing of threat intelligence and assessments.

A few security patches won’t help the booming race for cyber supremacy. It won’t stop the millions of hackers from hacking Civilian networks again. And certainly won’t discourage government investment into cyber warfare. There is a need for a digital neutral Switzerland and the need is now.

 Switzerland has long played the role of a neutral zone and that is exactly what is needed in the Cyber space.

Since the fourth Geneva Convention worked well enough, I dare say that an enforced digital Geneva Convention will work out well. This will be possible if all the major players in the cyber arena come together and seal the deal. I mean there is no point if the world came together and Russia opts out, after all they are probably the most powerful country in the world based on offensive cyber capability alone.

 Whatever may come in the future, the present state of the world’s cyber security is perilous and needs to be brought under control. This is definitely the first step to a more secure and open future.