Geneva is, indeed, a city where
the world comes together.
It comes together to think about
the intellectual issues of the
world, it comes together to
think about the opportunities,
and perhaps even more so, the
challenges that confront the
world.
And as we think about the days
and the years in which we now
live and the future ahead, I
think we now need to recognize
that it has already become a
digital world.
It is a world, as you heard that
does not yet connect everyone.
And I think one of the great
opportunities of all of us alive
today is to broaden the reach,
to bring these opportunities to
the rest of the planet.
But as we do so, we also need to
think about the challenges that
exist on the internet already.
As we do so, I think it's
helpful to put in perspective
what goes on here by looking at
the past and what has happened
in Geneva because it is a city
where so many important steps
have been taken over the
centuries, and yet it is also a
place where the world has not
always succeeded, as we all
appreciate.
For me, I look to inspiration,
to some degree, to Henri Dunant.
If ever there was an unlikely
person to found the spirit of
Geneva, perhaps it was him.
He was a businessman.
He was a businessman who, by
complete coincidence, found
himself on the battlefield in
what is now Italy, in Solferino,
in 1859, the day of the most
deadly battle in Europe since
literally the battle of
Waterloo.
He was there not because he was
seeking a battle or even to help
the people who had been wounded,
he was there as a businessman to
seek an audience with Napoleon
III to ask for a concession of
land.
But what he witnessed that day
opened his eyes, and as it
opened his eyes, he used his
voice to open the eyes of other
people as well.
He wrote a book, he published
it, he worked together with a
committee of four other people
here in Geneva.
And out of their work, their
became an organization that all
of us know and I think deeply
appreciate so much -- the
International Committee of the
Red Cross.
And, of course, what he created,
in fact, was not only a
blueprint for the ICRC, but a
blueprint for the protection of
people who were being maimed and
injured by technology that was
changing the face of war.
Because one of the hallmarks of
the battle of Solferino in 1959
was the impact of new
technology, rifled muskets,
cannons, that literally were
mowing down soldiers in a way
that they had never suffered
before.
And he recognized that humanity
needed to catch up with the
technology it had created.
It needed to organize itself in
new ways, and he had an insight
that no one had had before.
He noticed that the first
responders on the battlefield
were typically medics of a
uniformed army or volunteers.
And he advocated, he persuaded,
he succeeded in convincing the
leaders of governments in Europe
that despite the fact that the
medics were uniformed soldiers
of a specific army, they should
be treated as neutrals, so they
wouldn't have to retreat with
their armies and leave the
wounded behind, but instead they
would be protected so they could
treat those whose lives were at
stake.
And as neutrals, they would take
on a new obligation, an
obligation to treat the injured
of all armies, even those they
had been battling against.
And this neutrality would extend
not just to the medics, but to
the volunteers who worked with
them.
The governments of Europe came
together here in Geneva for a
week in October of 1863.
And on the 29th of October, they
adopted this proposal.
And on that day, the spirit of
Geneva took root.
And there have been many years
and many issues where that
spirit has served the world so
well, so often addressing the
new challenges of technology,
challenges around chemical
weapons, challenges that brought
governments together to prohibit
their use.
Challenges around the
humanitarian law that would
protect people, civilians and
the injured.
Challenges of new generations of
nuclear weapons, including the
intermediate nuclear forces.
Challenges that were often
addressed by governments, and
sometimes challenges that were
addressed by people outside of
government, as was the case with
landmines before they led to the
treaty in 1997.
There is such a rich, proud
tradition on which one can build
as we think about the future.
And yet, as we do, I think it is
equally important to remind
ourselves that like every place
on the planet, success has not
been uniform.
There have been other decades
and other challenges where the
world came to Geneva and the
world looked away.
That was perhaps most
pronounced, as we know, in the
decade of the 1930s when there
was the invasion of Manchuria,
when there was the crossing of
the Rhine, when there was a
recognition in the early '30s
that the governments of the
world had an opportunity to act
to address what was clearly the
spread of new technology that
would change the face of
warfare.
And when the disarmament
conference in the early '30s
failed, there was perhaps one
person, more than any other
person, who recognized what had
happened and why this was an
issue not only for governments,
but for technologies and for the
world.
Perhaps not surprisingly, that
person was Albert Einstein.
And he thought about the
meetings that had taken place in
Geneva, as he thought about the
failures of the conferences and
discussions that had taken place
here, he went to the core of the
issue.
He recognized that technology
had advanced and because
technology had advanced,
humanity needed to organize
itself in new ways to manage
this.
And that humanity had failed to
do so.
And because humanity had failed,
he said that, in fact, what the
world was left with was these
achievements of the machine age,
but in the hands of that
generation, technologies that,
in his words, were as dangerous
as a razor in the hands of a
three-year-old child.
And so as we think about the
advances of technology, we can't
help but think about what
technology innovation has meant
for weapons.
Unfortunately, we all appreciate
that the course of history has
so often shown that it has led
to the horrors of war, and it
has led to even more powerful
military might on land, in the
water, in the air, and now in
our generation, in our time, in
a new place as well, in
cyberspace.
And so the fundamental question,
in part, is: What will as a
planet make of this new
development?
The reality is that technology
in cyberspace is, in many
respects, unfolding as
technology always has -- on
land, on the water, and in air.
Because what are we seeing?
We are seeing a new arms race.
In fact, as you already heard,
we've entered a new era.
We've entered a new era of
invisible weapons because, after
all, when we talk about a cyber
weapon, it's not as if it's
something one can hold in a hand
like a gun, or look across and
see like a plane or a missile,
and yet, its impact can be
profound.
And as we think about the year
2017, the year in which we come
together here in Geneva, I
believe that it is altogether
possible that a generation or
two from now, people will look
back at this year and they will
look at the 12th of May.
And they will say that on the
12th of May, 2017, the world
changed again.
It changed because it was on
that day, a Friday, that the
so-called WannaCry attack was
unleashed.
By any measure, it was an
extraordinary day, and it was an
extraordinary event.
It was an attack that was
launched using cyber weapons
that had been created in one
country and then stolen and used
by another.
And even though the attack was
thwarted almost by coincidence,
by a computer scientist in the
United Kingdom, before it ran
its course, it impacted, it
damaged, it impaired over
200,000 computers in 150
countries.
Think about this.
In the history of our planet, in
the course of humanity, has
there ever been a single attack
by any nation that affected as
many other nations
simultaneously as that attack
did on the 12th of May?
I don't think one can find one.
If that were the only thing that
had happened this year, this
would be a year that was unlike
any other, and yet the challenge
is that's just the biggest
attack that happened in the
month of May.
In the month that followed, in
the month of June, we saw
another attack, the NotPetya
attack.
Here was an attack that was
focused on disrupting the
electrical grid and the civilian
infrastructure, the private
economy of a nation, Ukraine.
It, ultimately, spread beyond
Ukraine, but not before it
damaged that country.
And, of course, this follows, as
we all know, a tumultuous year
and a half, a year and a half
when cyber weapons and tools
were used to attack politicians
and the political process in the
United States.
It is a process that we have the
opportunity as a technology
company literally to follow
across Europe and around the
world because we see what
technology is doing, we hear
from our customers.
What we have seen just over the
course of the last year is
attacks spread across the map of
Europe.
Including efforts to hack into
the e-mails of every single
major candidate seeking the
office of the presidency of
France.
It is not something that is
confined to acts by a single
nation.
We see each month attacks coming
from different countries and in
different parts of the world.
And, of course, today it is easy
to look at this and say, "Well,
thank goodness they're only
attacking machines."
One might even say, "Isn't it a
good thing that these are not
like conventional weapons that
are actually seeking to harm
people?"
But this is where we need to
think again.
And if what we want to see is
what the future may hold, we
should go back to the 12th of
May, and we should consider the
audit report that came from the
British Government just two
weeks ago.
What it shows was that the
WannaCry attack disrupted an
impacted hospitals across the
United Kingdom.
And by impacting hospitals, it
impacted individuals.
As the National Audit Office
showed, there were 6,912 people,
patients, individuals who were
scheduled for medical care on
that day.
They were scheduled to see a
physician or they were scheduled
for a surgical operation and
their medical care that day was
canceled.
There were ambulances on their
way to take patients to
hospitals that were diverted to
other hospitals instead.
So this is about people.
And I think perhaps one of the
most sobering things it means,
especially for people who have
the opportunity to come together
in a place like Geneva, is what
it, in fact, says about the
course of the world.
Because it was here in Geneva in
1949 that the world's
governments came together and
pledged that they would protect
civilians even in times of war,
and yet, let's look at what is
happening.
We are seeing nations attack
civilians, even in times of
peace.
And yet, it is so clear that
this issue is either going to
become more serious or less so.
It will either get better or get
worse, but on its current
course, one should certainly not
be sanguine because we live in a
world where the infrastructure
of our lives is ultimately
vulnerable to the weakest link.
Increasingly, we live in a world
where if you can hack your way
into a thermostat, you may be
able to find your way across the
electrical grid, and think about
what the future holds.
It is clear where the world is
going.
We are entering a world where
every thermostat, every
electrical heater, every air
conditioner, every power plant,
every medical device, every
hospital, every traffic light,
every automobile will be
connected to the Internet.
Think about what it will mean
for the world when those devices
are the subject of attack.
Think what it will mean for the
people of Geneva when they leave
their office in the evening to
drive down the highway if we
have to live in a world where
nations and others feel free to
attack the grid that is
controlling the automobiles that
are driving home for us.
The reality is that digital
technology has become the
cornerstone of our lives, and
therefore one of the great
questions of our time is this:
What is to be done to protect
this planet and all of this
digital technology?
As someone who comes from a
company like Microsoft who spent
almost a quarter of a century
working in the tech sector, I
would absolutely be the first to
say that, in fact, we have the
first responsibility, after all,
we built the stuff.
And when we think about attacks
in cyberspace, we have to
recognize that not only is
cyberspace the new battlefield,
but it's a different battlefield
than land and air and sea for
the most part, because when
there are attacks on cyberspace,
there, in fact, are attacks on
private property.
It may be against the phone that
is in your pocket or the laptop
that is on your desk or the
servers that are in our data
center or the cables that are
underneath the ocean that we
operate that connect data
centers together.
So, of course, we must adopt the
sense of responsibility that is
incumbent upon us to do a better
job than anyone else, to act
first, and that is, in fact,
what we are doing as a company,
it is what I believe our
industry is working to do.
We're working to engineer
security into every part of our
products so that the access to
networks is governed properly,
so that there's protection for
information, there's protection
against the inevitable threats
that are unleashed every day,
and security engineers are given
the tools to manage technology
more effectively.
It is an area of huge
investment.
As a company, we at Microsoft
spend $1 billion every year just
on security innovation.
But in a sense, the biggest
asset we now have, one we didn't
have a decade ago is the use of
data.
We use our access to data to
identify threats as quickly as
we can, to respond to them, to
protect people from them, and to
help those who are hurt.
In so many ways, however, we
need to recognize that this is a
shared responsibility.
Oh, it is a responsibility that
starts with technology
companies, but it is a
responsibility that then
connects to every customer on
the planet, every business,
every government, every
individual.
Because like all such things,
the security is only as good as
it is when it is put to use.
One of the interesting facts
about cybersecurity attacks is
that 90 percent of all of these
attacks begin the same way, by
somebody clicking on a link in
an e-mail that they receive.
As we've sought to protect
people more effectively, one of
the things we've learned is that
human nature is both a wonderful
and challenging thing.
As somebody said in a conference
I was at earlier this year, it
turns out that every
organization has at least one
employee who will click on
anything.
So we need to protect people
from their bad habits, but more
than that, we need to help
customers, governments, NGOs,
companies modernize their
technology because the threats
are racing forward, and it has
become so clear that it is
impossible to protect oneself
from the threats of the present
by relying on tools from the
past.
In fact, that is what we're
seeking to do.
It many ways, in a way that no
one would have predicted five
years ago, it has become the
role of tech companies to be the
first responders on this new
battlefield because we see the
threats first, and we're in a
position to act quickly.
And so it is this role of first
responders that we've taken on
for ourselves, and it's
something I believe we need to
continue to do.
We need to think about all of
the appropriate tools that are
at our disposal.
Interestingly, one of the tools
that we've discovered, not
surprisingly, perhaps, is the
combination of technology with
the rule of law.
That's why we at Microsoft have
developed a new tool to fight
back, to protect people.
It's a new court order that
we've been able to go to court
in the United States to seize
control lawfully by judicial
mandate of domains that have
been hacked so we can then
identify what customers are
being attacked by nation-states.
And then we can go to those
customers, as we do, to let them
know and to protect themselves
and stop the attacks from
recurring.
In fact, this is something that
we have done now over the last
16 months with over 75 domains
to help customers in 91
countries around the world.
It has inspired us to think
about what we as a tech sector
can and need to do, because we
need to play our part, we need
to live up to our
responsibility.
Not just as individual
companies, but as a group and an
industry.
That's why one of the things
we've called for is a new tech
sector accord.
We've called for the companies
in the technology sector, in
effect, to adopt the same
principles that the medics did
of armies after the battle of
Solferino, to recognize that we
should come together and pledge
to work together and to live up
to a set of principles that we
should all adopt, principles
that would commit us to say that
we will not help any government
attack anyone anywhere.
To the contrary, we will assist
anyone who is injured anywhere.
Just like the medics and
volunteers were called upon to
do.
And, in fact, we'll work
together more closely to share
information about threats and to
respond more quickly.
In effect, even in a world where
there is growing nationalism and
populism, even in a world where
there might be growing
skepticism at times about what
governments can come together
and accomplish, we believe that
the spirit of Geneva provides a
compelling example.
And that's why we've called on
governments to think about
giving technology companies the
opportunity to work together, in
effect, as a neutral digital
Switzerland, to protect people
around the world.
But, finally, I would say this:
We also need governments to act.
I think one can look at all of
these issues and ask, "Can't the
technology sector solve this
problem by itself?"
The answer is: No.
It is a resounding no for one
simple reason -- nation-state
attacks are growing because of
increasing investments that are
leading to increasingly
sophisticated cyber weapons.
We simply cannot live in a safe
and secure world unless there
are new rules for the world.
Just as the world discovered
that it could not prevent the
scourges of war unless there
were international rules to
govern what happened on land and
on the sea and in the air, we
now live in a world that
requires that we have
established rules for cyberspace
as well.
Now, the good news is we don't
have to build on a blank piece
of paper.
There are many rules that are
already before us, and some of
them, you all and others may
well conclude should and even do
apply.
There is so much room for a real
conversation about the
interpretation and the meaning
of Article 2, Section 4 of the
United Nations Charter.
There is so much opportunity to
look at the other sources of
international law that exist
today, to look at the other
steps that governments have
taken, and to be inspired and
even build upon some of the
other actions that have happened
here in Geneva.
Certainly for me, one of the
greatest sources of inspiration
is, in fact, what happened here,
not just in this city, but in
this building in 1949 when one
things about the Fourth Geneva
Convention.
I have said, as you heard
earlier, that we do need to
build upon that.
The world needs a new digital
Geneva convention.
It needs new rules of the road.
What we need, we believe, is an
approach that governments will
adopt that says they will not
attack civilians in times of
peace.
They will not attack hospitals,
they will not attack the
electrical grid, they will not
attack the political processes
of other countries, that they
will not use cyber weapons to
steal the intellectual property
of private companies, that they,
instead, will work together to
help each other and the private
sector respond when there are
cyber attacks.
In fact, what we really need is
not only to recognize the need
for rules, but frankly, to know
when others are violating them.
Because, of course, the other
cornerstone, or at least another
cornerstone of international law
is knowing when violations take
place.
We need to recognize that that
is a more robust challenge in
cyberspace because one of the
goals, oftentimes, of actors is
to remain anonymous.
But that is not a problem that
is unique in the history of the
United Nations or the history of
weapons, it is a problem that
the international community has
come together in the past to
address, it is a problem that
the United Nations and the
International Atomic Energy
Commission continues to address
each and every day.
So here, too, there are examples
that we can consider.
There are lessons from which we
can learn.
But it does start with this.
It starts with the basic
proposition that every
government, regardless of its
politics or its policies, needs
a national and global IT
infrastructure that it can
trust.
As you heard earlier, this is
not just the cornerstone of our
lives, but it is a cornerstone
that people need to be able to
trust.
For all of these reasons, the
opportunity to come and spend
time with you this afternoon is
so important.
Because this is so clearly a
solution that the world needs,
it is so clearly a solution that
has so many important nuances,
that requires that people from
governments and from the
diplomatic community and
academic community, from NGOs
and from private businesses
address together.
We all have opportunities to
learn from each other, none of
us -- certainly none of us at
Microsoft has begun to figure
out all the answers.
But we do believe we know this:
When we look at where technology
is going, we believe that
cybersecurity needs to be a
cause for our time.
We need to go forward with the
clear recognition that this is
an issue that has become
fundamental to building a more
secure planet and contributing
to a better world.
Thank you very much.
