The call for a cyber Geneva Convention is one Microsoft has been echoing for some time. After the recent WannaCry and NotPetya attacks, however, their vigor for a cyber treaty has renewed, gaining the interest and support of Deutsche Telekom. The support of an international company has sparked consideration on an intergovernmental level for a treaty covering all cyberattacks.
A cyber treaty, however, is not as simple as many seem to think. According to an independent review by two researchers with the NATO-affiliated think-tank NATO Cooperative Cyber Defence Centre of Excellence, the idea of a digital Geneva Convention is "confusing and politically unrealistic."
The original Geneva Conventions are part of international humanitarian law, designed for armed conflicts and any operations that have a link to armed conflict. Attempting to take the framework outside the scope of armed conflict and make it applicable is an unrealistic approach offering limited options, one of the researchers, Tomáš Minárik, said.
A second researcher, LTC Kris van der Meij, explained that there are other international laws accounting for peacetime cyber activities such as "those found in the Council of Europe's Convention on Cybercrime."
"Improving the cybersecurity of critical infrastructure, but also convincing states to extend the right to privacy extraterritorially, curbing indiscriminate online surveillance and data retention, and addressing international law violations by governments are important and realistic goals," Minárik said.
These goals are not going to be achieved through a universal consensus, he argued, but through a gradual progress, making any efforts for a Digital Geneva Convention to be counterproductive.