In light of the recent WannaCry (WannaCrypt) ransomware attacks, which saw an NSA-owned virus stolen and used in an attack that brought UK hospitals to its knees, Microsoft has issued a statement on its official blog asking for “a new Digital Geneva Convention” to avoid the hoarding of malicious vulnerabilities by government agencies.
The statement made by Brad Smith, President and Chief Legal Officer of Microsoft, begins by describing the nature of the global attacks and expounding any relevant context on the issue. It then goes on to assure us that the company will assess the attack and strengthen its capabilities as a result, but also urges businesses and members of the public to ensure their systems are kept up to date with the latest patch.
Smith’s third point is to denounce the “emerging pattern” of global governments stockpiling viruses such as WannaCry, only to have them leak into the public domain and be used in widespread attacks. He finds the threat so severe as to liken it to “the U.S. military having some of its Tomahawk missiles stolen” and points to the need for something like a Digital Geneva Convention that he had proposed in February.
Overall, Smith’s statement is an urgent call for a united front — the tech sector, customers, and governments — against cyberattacks, but the biggest wake-up call is by far the message to government agencies such as the NSA and CIA.
