There are plenty of issues and complicating factors influencing cybersecurity, but Brad Smith, Microsoft president...
and chief legal officer, believes that one problem overrides all others.
"I think we should come together and reflect on one thing," Smith said during his RSA Conference 2017 keynote Tuesday morning. "There's one thing that has clearly made this situation more challenging -- that is the entry of more nation-state attacks."
In his keynote speech, titled "Protecting and Defending against Cyberthreats in Uncertain Times," Smith focused on the increased threat of nation-state cyberattacks and hacking, which has quickly become a reoccurring theme at this year's conference. Smith cited a number of recent nation-state cyberattacks, including attacks on power grids in Europe as well as the Sony Pictures Entertainment hack, which he said was a "turning point" for such attacks because it showed that commercial enterprises and civilians could be affected.
"We've seen these [attacks] burst into the news in terms of geopolitical controversies," Smith said, citing the phishing attack on Clinton campaign chair John Podesta. "Let's face it -- cyberspace is the new battlefield."
And unfortunately, Smith said, these developments have put the information security on the front lines. "It puts you in a different position," he told the audience, "because when it comes to these attacks in cyberspace, we not only are the plane of battle, we are the world's first responders. Instead of nation-state attacks being met by responses from other nation states, they're being met by us."
Because nation-state cyberattacks have targeted commercial enterprises and civilians, Smith encouraged the creation of something similar to the Geneva Convention for cyberattacks. "For over two thirds of a century, the world's governments have been committed to protecting civilians in times of war," he said. "But when it comes to cyberattacks, nation-state hacking has evolved into attacks on civilians in times of peace."
Smith described some recent efforts at Microsoft to mitigate nation-state cyberattacks, including the seizure of fake domains created by state-sponsored hacking groups, but he said the problem requires the world's governments and industry leaders coming together to find solutions. To that end, he also advocated the creation of a public-private consortium of the "best and brightest" in government and the technology industry to address the increased threats of nation-state cyberattacks.
"We are far away from declaring victory," he said. "We are going to need to do more, and we are going to need to do more together if we're going to address this problem effectively."
Smith also said the solution will require the technology industry as a whole to act fairly and impartially in order to "retain the world's trust" and not be seen as extensions of governments with agendas.
"Even in an age of rising nationalism, we need to be a digital Switzerland," Smith said. "We need to make clear that there are certain principles for which we stand. We need to be clear that we will assist and protect customers everywhere. That is what we do, regardless of the country from which we come. We need to be clear that we will not aid in attacking customers anywhere, regardless of the government that may ask us to do so."
Learn about the increase in IAM security in response to nation-state attacks
Find out how cloud-based systems and network-connected devices threaten security
Read about the Fancy Bear threat group's ties to the Russian government