What a week for security news! Microsoft did not release its usual Patch Tuesday update today, citing “a last minute issue that could impact some customers and was not resolved in time for our planned updates today,” and did not post an expected date for the latest security updates.
And RSA 2017 is taking place in San Francisco this week. I was at Microsoft president and chief legal counsel Brad Smith’s keynote speech this morning, where he made the salient — if unsettling — point that the rise of nation-state hacking has put private citizens at risk in so many ways, from email phishing to utility grid shutdown, and as of right now, the first line of defense civilians have against nation-state hacking comes from the tech industry.
Smith is calling for the tech industry to stand together and recognize that global cyber warfare is not only bad for nations, it’s bad for business and bad for users. He sees tech companies as becoming “an industry that, even in an age of nationalism, is a neutral digital Switzerland upon which everyone can rely.”
He also outlined the argument that there needs to be a new Geneva Convention, one which addresses state-sponsored hacking and cyberwarfare, and outlines the obligations and responsibilities of technology companies toward citizens of the world. You can read more about his proposal here.
Smith’s keynote began the day; I ended my keynote sessions by listening to longtime security professional Bruce Schneier talk about how governments may or may not end up regulating the Internet of Things. His talk spiraled out into a bigger subject, that of the growing need for tech policy and security understanding at all levels of government. Why? Because, as he said, “We always knew that technology could subvert the law, but now we know that the law can subvert technology.”