The world needs digital rules of war

Like its namesake, this digital Geneva Convention would aim to protect civilians from being caught in the virtual crossfire of cyberwarfare.

Doing nothing is no longer a viable option

Microsoft's president and chief legal officer has called for the formation of a digital Geneva Convention to govern the way countries wage digital wars. (The Associated Press)

Years ago, it would have been ludicrous to suggest that a single tweet could kickstart a global war. Today, the idea doesn't seem so far-fetched.

Just as the digital revolution has reshaped the way people interact on an individual basis, so too has it changed the nature of hostile interactions between nation states.

The president of the United States can now whip up panic with a single tweet, and foreign embassies are airing their grievances online, too. But it goes beyond individual messages; the power grid in Ukraine has been repeatedly hacked, allegedly by Russian hackers, which has left whole swathes of Kyiv in darkness.

Russian cyber influence also played a role in the U.S. election (through the hacking of the Democratic and Republican national committees and the leaking of select information), which had a tangible effect on both U.S.-Russia relations (the introduction of new sanctions) and questions about the legitimacy of the new Trump government. 

And last fall, a distributed denial of service (DDoS) attack shut off vast portions of the Internet for most of the U.S. east coast, carried out by what is believed to be independent hackers seeking financial gain. For 24 hours the attack was all anyone could talk about, but when access to popular websites resumed, it was forgotten as quickly as it happened.

Nevertheless, the Department of Homeland Security stepped in, and rightfully so; this attack only affected sites like Twitter and Airbnb, but what happens when a similar attack hits critical infrastructure? After all, as Wired reported last year, many parts of the U.S. grid are less secure than Ukraine's, and would take longer to reboot in an emergency.

Digital rules

So how do we protect ourselves against these types of activities and attacks? Despite a rise in government and infrastructure-targeted cyber attacks, few international agreements or "digital rules of war" have been established for the internet era. But now, tech and industry leaders are stepping forward to tackle the issue.

Microsoft's president and chief legal officer, Brad Smith, has called for the formation of a digital Geneva Convention to govern the way countries wage digital wars. Like its namesake, this digital Geneva Convention would aim to protect civilians from being caught in the virtual crossfire of cyberwarfare.

It would include guidelines to see that the private sector and critical infrastructure are not targeted, and that assistance would be available for "private-sector efforts to detect, contain, respond to and recover from events." Smith also calls for the use of restraint, both in the development of cyber weaponry and in the imitation of offensive operations.

We need to establish internationally agreed upon "rules of the game." (Jim Urquhart/Reuters)

The impetus to get started on something like this is that the cyber arms race has already started, according to security technologist Bruce SchneierAnd like traditional weaponry, once cyber weapons exist — be it powerful malware or other digital means of causing damage or injury — there is no turning back.

"It is only a matter of time before something big happens," says Schneier, "perhaps by the rash actions of a low-level military officer, perhaps by a non-state actor, perhaps by accident. And if the target nation retaliates, we could find ourselves in a real cyberwar."

There will be challenges when it comes to enforcing the terms of a digital Geneva Convention, as there are with any buy-in international agreement or treaty, but doing nothing is no longer a viable option. We need to establish internationally agreed upon "rules of the game," before we find ourselves in a global crisis over a hacking, or a DDoS attack, or even a tweet — not after.

This column is part of CBC's Opinion section. For more information about this section, please read this editor's blog and our FAQ.


Ramona Pringle

Technology Columnist

Ramona Pringle is an associate professor in Faculty of Communication and Design and director of the Creative Innovation Studio at Ryerson University. She is a CBC contributor who writes and reports on the relationship between people and technology.


To encourage thoughtful and respectful conversations, first and last names will appear with each submission to CBC/Radio-Canada's online communities (except in children and youth-oriented communities). Pseudonyms will no longer be permitted.

By submitting a comment, you accept that CBC has the right to reproduce and publish that comment in whole or in part, in any manner CBC chooses. Please note that CBC does not endorse the opinions expressed in comments. Comments on this story are moderated according to our Submission Guidelines. Comments are welcome while open. We reserve the right to close comments at any time.

Become a CBC Member

Join the conversation  Create account

Already have an account?