• by Laurie Sullivan  @lauriesullivan, March 2, 2022

Microsoft earlier this week said that several hours before the launch of missiles or movement of tanks on February 24 that began the Russian invasion into Ukraine, Microsoft’s Threat Intelligence Center (MSTIC) detected a new round of “offensive and destructive cyberattacks” directed against Ukraine’s digital infrastructure.

Microsoft has long called for creating a new Geneva Convention that governs cyberspace. “We remain especially concerned about recent cyberattacks on Ukrainian civilian digital targets, including the financial sector, agriculture sector, emergency response services, humanitarian aid efforts, and energy sector organizations and enterprises,” Microsoft President Brad Smith wrote in a blog post. “These attacks on civilian targets raise serious concerns under the Geneva Convention, and we have shared information with the Ukrainian government about each of them.”

Smith wrote that Microsoft advised the Ukrainian government about the situation, identified the use of new malware, and provided technical advice on steps to prevent the malware’s success.

Microsoft also has provided threat intelligence and defensive suggestions to Ukrainian officials regarding attacks on targets, such as Ukrainian military institutions and manufacturers and several other Ukrainian government agencies, and advised the Ukrainian government about efforts to steal data, such as health, insurance, and transportation-related personally identifiable information (PII), as well as other government data sets.

In 2017, at the RSA Conference in San Francisco, Smith cited cybercrime as a “growing problem, a problem in need of a new solution.”

He called cyberspace the “new battlefield” and that the “world of potential war has migrated from land to sea to air and now cyberspace.” And called it a “different kind of battlefield than the world has seen before.”

Smith called on the world’s governments to come together. “They came together in 1949 in Geneva, Switzerland, and that is what led to the recognition that they needed the Fourth Geneva Convention to protect civilians in times of war,” he wrote.

The world needs a Digital Geneva Convention, he wrote. “A convention that will call on the world's governments to pledge that they will not engage in cyberattacks on the private sector, that they will not target civilian infrastructure, whether it's of the electrical or the economic or the political variety.”

He asked governments to pledge that they will work with the private sector to respond to vulnerabilities, and take the required measures.