Protecting the innocent from cyber warriors
In new warnings about cyberattacks by foreign entities, Britain and the United States have lately left the impression that innocent civilians, and not just governments, might become victims on a digital battlefield. On Nov. 15, for example, the US said North Korea is targeting banks, airlines, and telecom firms. And Britain claimed Russian hackers have targeted energy networks and the media. Prime Minister Theresa May accused the Kremlin of a campaign of cyber 鈥渄isruption.鈥
The warnings are credible given evidence of Russian meddling in the 2016 US elections and North Korea鈥檚 2014 hacking of Sony Pictures. Last spring, the so-called WannaCry virus shut down hospitals in Britain, rail ticket operations in Germany, and some FedEx operations in the US. Terrorism experts also warn of Islamic State or Al Qaeda shutting down critical infrastructure, such as electric grids.
鈥淎lgorithms can be as powerful as tanks, bots as dangerous as bombs,鈥 says top United Nations official Michael Moeller.
Amid these rising fears, however, digital experts are calling for new international norms and agreements that recognize the need to wall off civilians from cyberharm. The idea is to replicate the kind of pacts that have largely curbed instruments of war, such as chemical weapons.
Under the Geneva Conventions that serve to protect the innocent during a conflict, cyberwarfare is already restricted to military targets. Just as warplanes cannot drop bombs on civilian hospitals, government hackers cannot hit civilian facilities, such as a factory.
Yet these humanitarian rules apply only during war. Many cyberattacks today are stealthy events by an adversary whose identity cannot be easily detected. Governments are responding by beefing up their cybercapabilities to respond in kind. This risks the possibility of widespread and mutual destruction of digital networks.
Just as the Geneva Conventions and other agreements have set legal bumpers for the use of physical weapons, the world needs a pact that restrains digital attacks. Microsoft鈥檚 president and chief legal officer, Brad Smith, has even called for a 鈥渄igital Geneva Convention鈥 out of his perception that 鈥渘othing seems off limits鈥 in cyberattacks these days.
鈥淣ow is the time for us to call on government to protect聽civilians聽on the Internet in times of peace,鈥 he said. 鈥淲e need a聽convention聽that will call on the world鈥檚 governments to pledge that they will not engage in cyberattacks on the private sector, that they will not target聽civilian聽infrastructure whether it鈥檚 of the electrical or the economic or the political variety.鈥
Another idea is for tech companies to prevent their products from being weaponized. Last month, Peter Maurer, president of the International Committee of the Red Cross, which is guardian of the Geneva accords, visited companies including Facebook and Microsoft to ask that they alter their technologies to prevent them from being used as instruments of war.
Such ideas are grounded in a powerful concept well developed since the mid-19th century that even enemies must recognize the innocence of noncombatants. With each new type of weapon, the world must again find the means to protect the dignity of innocent lives.
