In brief: It’s not just rogue AI that we have to worry about destroying society. Microsoft CEO Satya Nadella warns there’s a risk that the world order could break down as a result of nation-state hackers. His suggested solution is a Geneva Convention for cybersecurity.

Nadella recently spoke to journalist and NBC Nightly News anchor Lester Holt about several topics, including AI, the 2024 election, and Microsoft’s recent admission that Russian group Cozy Bear accessed its corporate network for a month last year.

Holt asked Nadella about the “alarm bells” that went off at Microsoft HQ and Capitol Hill, given the government’s reliance on the company, when the hacking incident was uncovered.

“When you have an adversary who is a nation-state or a country that, you know, has institutional sort of strength, organizations that are both well-resourced and are relentless in attacking – I’m glad that we have the capability we have to even detect what they’re doing on the cyber side,” Nadella said.

Nadella said hacking incidents such as these aren’t just about private companies figuring out how to address them. When nation states are involved, it “raises this to a different level of dialogue.”

The Microsoft boss called for the US, Russia, and China to come together to form a type of cyber Geneva Convention. Without this, the launching of cyberattacks by two nation-states against each other, especially against civilian targets, could lead to an unprecedented breakdown in world order, Nadella warned.

The 1949 Geneva Conventions form the core of international humanitarian law, which regulates the conduct of armed conflict and seeks to limit its effects. They protect people not taking part in hostilities and those who are no longer doing so. The Geneva Conventions are signed by 196 states.

Microsoft talked about the need for a digital Geneva Convention to protect the public from nation-state threats back in 2017. The Redmond firm wrote that the technology sector and civil society groups can pave the way for a legally binding agreement that will ensure a stable and secure cyberspace.

Cozy Bear (aka Midnight Blizzard) infiltrated Microsoft in November 2023 via a password spray attack to compromise a legacy, non-production test account. Microsoft said a “very small” percentage of corporate accounts were compromised, with members of the company’s senior leadership team, employees in cybersecurity, legal, and other departments affected.

Soon after Microsoft disclosed the attack, HPE said it was also attacked by Cozy Bear last year.


Source link