Adrian Leppard CBE, QPM, Templar Executives
Adrian was interviewed by ITV News on Monday and discussed government access to technological networks. http://www.itv.com/news/2017-03-27/exclusive-microsoft-boss-we-will-not-help-any-government-hack-any-customer-anywhere/
Nation states are now heavily committed to defending themselves against cyber warfare and espionage, with businesses and citizens getting caught in the cross fire.
In response, Microsoft President Brad Smith is calling for a “Digital Geneva Convention” which he believes can help protect civilians in the same way the original Geneva Convention helped define humanitarian protection in times of war.
“Technology companies must retain the trust of their customers and must not assist governments with their hacking schemes even though world leaders may request them to do so.” Smith said at the annual RSA Cybersecurity conference in San Francisco. He called on world governments to put aside their differences and pledge that they would not hack civilians or stockpile security vulnerabilities, which they could use to spy on individuals or steal user data. Furthermore, he encouraged governments to work with businesses to identify security threats when they occur.
In my opinion, taking action like this is easier said than done and big businesses need to put their own house in order first. Each year we are seeing a staggering and rapidly increasing number of major data breaches, showing that businesses are failing to take the necessary steps to secure their valuable data.
Microsoft itself was recently publicly ‘outed’ by Google who had given the multinational technology vendor 90 days to respond to known security vulnerabilities in Internet Explorer 11 and Edge. After receiving no response from Microsoft, Google published the vulnerabilities forcing them to take action.
In addition, through the publication of WikiLeaks Vault 7, we have seen a host of system vulnerabilities that are ‘apparently’ being taken advantage of by state espionage.
Yes, governments and big business should be having the debate on Cyber Security since we urgently need some common global standards on system and information security. Government and industry also need a common regulatory framework to ensure corporate business is compliant with a minimum set of security standards that minimise vulnerabilities. Undoubtedly, there are many ways that governments could and should contribute to this debate and incentivise an effective approach.
Espionage is as old as history itself and by its nature it does not play by any rules. The notion that some form of international agreement can be achieved regarding nation states’ use of the Internet to spy, is somewhat unrealistic. However, what is essential is that business and governments begin this debate and arrive at some actionable insights. In our aspirations to making the Internet a safer place for everyone, an international convention of this kind could be an excellent start.