Microsoft Thinks Agencies Like The NSA Should Share More With Tech Companies, Calls For A “Digital Geneva Convention”

Microsoft wants government agencies around the world and in particular the NSA to do more in stopping attacks like WannaCry in future even though the vulnerability first originated from its own operating system and has since been fixed in an update since March. Microsoft’s President and Chief Legal Officer, Brad Smith said

“The WannaCrypt exploits used in the attack were drawn from the exploits stolen from the National Security Agency, or NSA, in the United States. That theft was publicly reported earlier this year…. This attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem. This is an emerging pattern in 2017. We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world. Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage. An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen. And this most recent attack represents a completely unintended but disconcerting link between the two most serious forms of cybersecurity threats in the world today – nation-state action and organized criminal action.

The governments of the world should treat this attack as a wake-up call. They need to take a different approach and adhere in cyberspace to the same rules applied to weapons in the physical world. We need governments to consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits.”

Government agencies like the CIA and the NSA according to reports know about these vulnerabilities but seldom inform tech companies and it is this that has been exploited by some online, I agree with Microsoft on this because while the worst of the WannaCry storm may be over, we may not be so luck in future.