
WHY THIS MATTERS IN BRIEF

In some respects we are starting to see the advent of open cyber warfare between competing sovereign nations, and unless someone steps in, the problem is only going to escalate.

 

Last year the rise of cyber warfare prompted the US Government to implement a DEFCON scale for cyber attacks, and now, after yet another “global attack,” in which the WannaCry ransomware exploit spread across 150 countries and over 200,000 machines, the blame for some of these attacks has spread wildly too. As a consequence, and in the aftermath of one of the most destructive ransomware attacks ever, Microsoft has used cybersecurity’s latest headline-grabbing moment to call for a “Digital Geneva Convention” to limit and defang future cyberattacks.

 


Redmond has also received some share of the blame. Although Microsoft released a security patch in March that closes the hole the attack exploited, it’s thought that thousands, if not hundreds of thousands, of Windows XP machines are still at risk – at least until they’re patched.

On the other hand, said company president Brad Smith, the WannaCrypt exploit drew on vulnerabilities the NSA stockpiled but didn’t publicise or even report covertly to Redmond. Instead, hackers stole those vulnerabilities from the NSA and then reportedly used them to make WannaCry.

In addition to blaming the spooks, IT departments have also been rapped for being slow to respond to patched vulnerabilities, but above the entire chorus of blame, Microsoft is now also promoting clearer cybersecurity expectations and responsibilities for companies and governments.

 


“It’s time,” said Smith, “to take a page from the atomic age. What the world needs is a new independent organisation, a bit like the International Atomic Energy Agency that has addressed nuclear non-proliferation for decades.”

“We need an agency that has the international credibility not only to observe what’s happening, but to call the question and even identify the attackers when nation-state attacks happen. That is the only way that governments will come to recognise that this is not a program that will continue to pay off.”

“What we need now is a Digital Geneva Convention,” he added, “we need a convention that will call on the world’s governments to pledge that they will not engage in cyberattacks on the private sector, that they will not target civilian infrastructure, whether it’s of the electrical or the economic or the political variety. We need governments to pledge that, instead, they will work with the private sector to respond to vulnerabilities, that they will not stockpile vulnerabilities, and they will take additional measures.”

 


Hans Klein, Associate Professor at Georgia Institute of Technology’s School of Public Policy, says, though, that Microsoft is taking some risk in being as proactive as it is.

“In some ways it’s a daring move by Microsoft,” Klein says, “it opens up the question of global regulation of companies like Microsoft. If we start talking about global public policy, and Geneva Conventions and industry agreements, suddenly it might not just be the governments that are being asked to behave better, and possibly with sanctions backing that up. The companies might be asked or required to behave better too. And that might not be a bad thing.”

For instance, Klein says, what if Windows XP, whose support was cut off back in 2014, is so broadly adopted around the world that governments begin requiring Microsoft to continue supporting XP regardless of its profitability or un-profitability for the company? What if, in other words, Windows XP has become something closer to a public utility?

 


“When it happened, I thought it was pretty noteworthy that a company could declare that it would no longer support a product like Windows XP,” said Klein, “apparently there was some limited debate [in 2014] but a little less than I expected. But since WannaCry, [the XP debate] might come back. When the hospitals are getting hit hard, maybe there’s a social and public responsibility for Microsoft.”

About author

Matthew Griffin


Comments
  • Maggie Kennedy#1

    14th December 2017

    It’s an approach… but crikey, we leave ourselves so open ;)

    It’s totally charming when things “work out of the box”, when it’s “idiot-proof”. But anything… anything secure will need a little bit of thought about configuration, change, access & access lists.

    What do we do about all the dumb “smart devices” out there (not just kettles, toasters, smart meters, cutouts, switches, pressure sensors & valve openers but including all the new but stunningly insecure car keys, CCTV, home hubs & home entertainment systems people are rushing out to buy…)
    well………..

    Dump them or have a governmentally supported “Janitor” (as in the benevolent UK dictator-hacker who knocks out dumb devices)?

    I’m still working on it… but meantime get a new router and get busy with the black tape in between work & holiday Skype & FaceTime sessions ;)
