A Digital Geneva Convention?: The Role of the Private Sector in Cybersecurity

In this article, Raquel Vazquez Llorente uses Microsoft’s proposed Digital Geneva Convention as an entry point to explore the following question(s): “What is the role the private sector should play in cybersecurity policy, and how can this co-exist with the traditional responsibilities of states?” First, the report addresses the expansion of the market for malicious software and the associated militarization of the cyber domain and second, it explores the various and evolving roles of corporations, intergovernmental organizations, and states in cyberspace. Llorente notes the unique relationship between the private sector and cybersecurity, namely, that its core infrastructure (i.e. underlying networks) is “predominately owned and controlled by the private sector.” Finally, the author traces the history of Microsoft’s “prioritization” of cybersecurity as well as the Digital Geneva Convention and International Cybersecurity Norms. The article concludes by arguing technology companies “need to play a more proactive role in the formulation of cybersecurity policies,” and correspondingly, that states and decision-makers must ensure “global cybersecurity arrangements take in expertise of the private sector.”