Fighting Cyberwarfare

At Princeton-Fung Global Forum, Smith ’81 calls for treaty, new agency to deter attacks

By John Markoff

Published April 3, 2017



With growing evidence that Russian cyberwarfare technology was used to try to influence an American election, it is increasingly apparent that current computer-security technology is inadequate. 

Microsoft President Brad Smith ’81 offered a solution March 22 at the Princeton-Fung Global Forum in Berlin: a “digital Geneva Convention” to protect the world from a new kind of warfare. 

Smith’s proposal builds on the meetings held in Geneva in 1949 in the wake of World War II to establish ground rules for the conduct of warfare and the treatment of civilians during war. He called for the creation of an organization parallel to the International Committee of the Red Cross to establish rules and limits against internet attacks.

The two-day forum focused on the question of whether liberty can survive in the digital age. It included talks by Smith; Vint Cerf, a Google executive who was one of the designers of the underlying technology used to create the internet; and Neelie Kroes, the former vice president and commissioner for digital economy and society of the European Commission.

The event also included six panels on challenges posed by the growing influence of the internet on society, ranging from privacy and surveillance and “the internet of things” to the recent phenomenon of “fake news.”

It was Microsoft’s president, however, who captured the attention of forum attendees. “I thought it was worth taking a page out of the history books ... to start to talk about creating a digital Geneva Convention,” Smith said.

His proposal, first made in February at a computer-security conference in San Francisco, is to bring together like-minded governments to pledge they will not attack civilian infrastructure. A new Geneva Convention would cause governments “to step back and pledge that they will not hack the accounts of journalists or other private citizens who are involved in the infrastructure of our democracy,” Smith said. 

The biggest challenge facing a new treaty organization for the digital era would be finding a way to ensure attribution — to determine where an internet attack actually comes from, he said. What sets cyberwar apart from traditional warfare is that it is maddeningly difficult to determine an attacker’s identity.

“The truth is that we in the private sector often know,” Smith said. “But we have employees in these countries that we need to protect.” Finger-pointing is needed to discourage and deter this kind of action, he added.

Among the 450 attendees, there was both support for his proposal and some pessimism about the prospects of limiting cyberwar with new treaties and new actors. “Unfortunately, Microsoft is not the Red Cross,” said Julia Pohle, a senior researcher at the WZB Berlin Social Science Center.

John Markoff reported on technology for The New York Times from 1988 to 2017.

1 Response

John R. Martinson Sr. ’57

7 Years Ago

The article on the Princeton-Fung Global Forum (On the Campus, April 12) quotes Microsoft President Brad Smith ’81 as saying that a “digital Geneva Convention” would cause governments “to step back and pledge that they will not hack the accounts of journalists or other private citizens who are involved in the infrastructure of our democracy.”

While it may be that Mr. Smith is just naive, it is more likely that he has little knowledge of the “black internet” fraught with villains who could not give a hoot about any “Geneva Convention.” There are too many incentives for “bad guys” to engage in malicious intrusions — that is, hacking — of what is essentially a wide-open internet. There currently is virtually no defense against “zero-day” (previously unknown) exploits, despite industry and governments spending hundreds of millions of dollars on perimeter firewalls. The list of organizations that have experienced successful attacks on their servers, losing literally billions of dollars and confidential information, is legion: AT&T, Yahoo, Target, Apple, the Pentagon, etc.

Is there a solution? Stay tuned!
