Microsoft earlier this week said that several hours before the
launch of missiles or movement of tanks on February 24 that began the Russian invasion into Ukraine, Microsoft’s Threat Intelligence Center (MSTIC) detected a new round of “offensive and
destructive cyberattacks” directed against Ukraine’s digital infrastructure.
Microsoft has long called for creating a new Geneva Convention that governs cyberspace. “We
remain especially concerned about recent cyberattacks on Ukrainian civilian digital targets, including the financial sector, agriculture sector, emergency response services, humanitarian aid efforts,
and energy sector organizations and enterprises,” Microsoft President Brad Smith wrote in a blog post. “These attacks on civilian targets raise serious concerns under the Geneva
Convention, and we have shared information with the Ukrainian government about each of them.”
Smith wrote that Microsoft advised the Ukrainian government about the situation, identified
the use of new malware, and provided technical advice on steps to prevent the malware’s success.
Microsoft also has provided threat intelligence and defensive suggestions to Ukrainian
officials regarding attacks on targets, such as Ukrainian military institutions and manufacturers and several other Ukrainian government agencies, and advised the Ukrainian government about efforts to
steal data, such as health, insurance, and transportation-related personally identifiable information (PII), as well as other government data sets.
In 2017, at the RSA Conference in San
Francisco, Smith cited cybercrime as a “growing problem, a problem in need of a new solution.”
He called cyberspace the “new battlefield” and that the “world of potential
war has migrated from land to sea to air and now cyberspace.” And called it a “different kind of battlefield than the world has seen before.”
Smith called on the
world’s governments to come together. “They came together in 1949 in Geneva, Switzerland, and that is what led to the recognition that they needed the Fourth Geneva Convention to protect
civilians in times of war,” he wrote.
The world needs a Digital Geneva Convention, he wrote. “A convention that will call on the world's governments to pledge that they will not
engage in cyberattacks on the private sector, that they will not target civilian infrastructure, whether it's of the electrical or the economic or the political variety.”
He asked
governments to pledge that they will work with the private sector to respond to vulnerabilities, and take the required measures.