Microsoft's Brad Smith urges action on nation-state cyberthreats

At last year's RSA Conference, Microsoft President Brad Smith said the rise of nation-state cyberthreats had fundamentally changed the industry -- and that was before the infamous WannaCry and NotPetya ransomware attacks.

This year, Smith took the stage once against at RSA Conference, calling 2017 a "wake-up call," thanks to the state-sponsored ransomware attacks that brought many organizations to their knees. "We saw governments attacking civilians in a time of peace," he said.

Smith said it's easy to dismiss WannaCry and NotPetya as just another set of cyberattacks that affect computers. "If there is one message that we need to come together and convey to the governments of the world, it is this: No, that is not just an attack on machines," he said. "That is an attack that is endangering people's lives."

To that end, Smith showed a video that demonstrated how the ransomware attacks crippled hospitals and forced doctors to postpone patients' medical care. "That is why we need to answer the call," Smith told the audience, adding that the technology industry and infosec community have a "responsibility to the world."

Smith highlighted projects in the private sector like the Defending Democracy Program, Microsoft's effort to curb election hacking and protect candidates and campaigns from cyberattacks. Smith also reminded the audience that, at last year's RSA Conference, he called on industry leaders to come together in a consortium to confront nation-state cyberthreats and put security first. "This morning, 34 companies across our industry did just that. We announced a new Cybersecurity Tech Accord," he said. "That is the kind of progress we need to make."

We saw governments attacking civilians in a time of peace.

The Cybersecurity Tech Accord includes companies like Facebook, Cisco and Dell, which pledged to work together "to protect and empower civilians online and to improve the security, stability and resilience of cyberspace."

In addition, Smith called on the world's governments to do more to address nation-state cyberthreats. He said while there's been progress on reviewing laws and agreements around cyberattacks, more needs to be done. Specifically, Smith called for a "digital Geneva Convention" that outlaws cyberattacks on electrical grids, hospitals and other critical infrastructure that could lead to loss of human life.

Others at RSA Conference 2018 echoed Smith's concerns about growing nation-state cyberthreats. "Nations are addicted to cyberespionage," said Kenneth Geers, chief research scientist at Comodo, based in Clifton, N.J. "It's easier for governments to launch cyberattacks instead of actual physical [military] attacks."