Bekker's Blog

Microsoft's Smith Shines Spotlight on Cyberwar's Effect on Civilians

Brad Smith sometimes uses his perch as Microsoft president and chief legal officer to draw disparate strands of tech, security, privacy, law and international relations together to make a larger point about emerging realities in the world.

He was at it again Tuesday at the RSA Conference in San Francisco, advancing a novel argument about the way cyberwar shuffles the responsibilities of nations, citizens, companies and soldiers.

Here's an excerpt from the speech (emphasis mine):

Let's face it, cyberspace is the new battlefield. The world of potential war has migrated from land to sea to air and now cyberspace. But cyberspace is a different kind of space. Not only can we not find it in the physical world, but cyberspace is us.

For all of us in this room, it is us. Cyberspace is owned and operated by the private sector. It is private property. Whether it's submarine cables or datacenters or servers or laptops or smartphones, it is a different kind of battlefield than the world has seen before. And that puts us in a different position, it puts you in a different position, because when it comes to these attacks in cyberspace, we not only are the plane of battle, we are the world's first responders.

Instead of nation state attacks being met by responses from other nation states, they are being met by us. And as we think about that change in the world, we should reflect upon one other, as well. It's a sobering thing to think about, but consider this: For over two-thirds of a century, the world's governments have been committed to protecting civilians in times of war. But when it comes to cyberattacks, nation state hacking has evolved into attacks on civilians in times of peace.

This is not the world that the Internet's inventors envisioned a quarter of a century ago, but it is the world that we inhabit today. And above all else, I think nation state attacks call on us as employees, as an industry, as private citizens to ask ourselves one fundamental question. What are we going to do?

The point about governments not protecting civilians in cyberwar is a bit overdone. Ask anyone who has both survived being shot and endured being pwnd to say which of the two experiences they'd prefer to go through again, and I think the answer would be pretty obvious. Or, maybe I should say, it is a bit overdone right now. The Stuxnet attacks made physical damage from a virtual attack a documented reality. Still, I suspect that should cyberattacks ever start actually killing or maiming civilians, nations will take a radically more aggressive stance on defending their citizens.

Smith's point about who is currently responsible for defense, though, is a solid one. It's possible to look at IT infrastructure through a lens that reveals that every person connected to the Internet has effectively been conscripted to stand guard at the nation's border. IT departments and security professionals are the first responders to international incidents, just as Smith describes.

Smith's attempt at a solution is what he calls a Digital Geneva Convention with six points. This slide from a related blog post on Tuesday lists the points:

[Image: slide listing the six points of the proposed Digital Geneva Convention.] Source: Microsoft

While Smith's description of the new issues we face is largely spot on, five of those six points probably don't have much of a chance. Governments should and probably will beef up efforts on No. 2 (assist private sector efforts to detect, contain, respond to and recover from events). For the rest of the points, the fruits of digital warfare are too alluring to nation states. The costs appear very low compared to the catastrophic effects of kinetic warfare, and cyberweapons are more appealing to state actors due to their deniability.

This Digital Geneva Convention seems unlikely to prevail, but Smith has hit on an enormously important issue about the responsibilities of nation states to their citizens and to their private sectors as they engage in cyber operations against their enemies and allies. Shining a spotlight on the effect of digital warfare on every country's own population elevates an important element in policy deliberations.

Posted by Scott Bekker on February 14, 2017

