Referencing lessons drawn from the 1983 film Wargames and the recent SolarWinds cybersecurity attack, Microsoft President Brad Smith used his CES 2021 keynote to call on the consumer electronics industry to work with governments and other agencies to set rules of the road and share information about cybersecurity threats.
While the fictional story of Wargames shined a light on the potential of catastrophic risks wrought by cybersecurity vulnerabilities and computer-driven automation, the SolarWinds hack revealed their realities, he said.
"We live in a time when science has caught up to science fiction," Smith said, referring to the recent cyber-espionage campaign against several US agencies via a vulnerability in SolarWinds's Orion platform that enabled the distribution of thousands of packages of malware on organization networks around the world. "In the year 2021, it's not a movie we are learning from; it's real life. The real life of the paste month and the attacks we've had to address, I think, are of critical importance."
Smith says he understands that governments have spied on each other for centuries, and that it would be naďve to think they would stop. But at the same time, he called for some "rules of the road" to help guide the CE industry and governments on how to rein in the threat, holding that there are norms and rules that have created expectations about what is appropriate and what is not.
"What happened with SolarWinds was not [appropriate]," Smith said. "Why? This wasn't a case of one nation simply trying to spy on or hack its way into a computer of another. It was a mass, indiscriminate global assault on the technology supply chain that all of us are responsible for protecting...It is a danger that the world cannot afford."
He urged the industry to come together and use its "collective voice" to deliver a "clarion call for the future" to tell world governments that the kind of supply chain disruption wrought by the SolarWinds hack is not something that any should be allowed to pursue or tolerate.
"If we don't use our voice to call on the governments of the world to hold to a higher standard, then I ask you this: Who will?" Smith added.
Smith also chastised cyberattacks against hospitals and others in the public health sector that have occurred during the pandemic. "This, too, should be off-limits in a time of peace, just as it is for the use of conventional weapons in a time of war."
He is also calling for more sharing of information among governments, companies and others in the private sector on threat intelligence to help avoid further, possibly even more damaging cyberattacks.
"Let's learn from the past; let's imagine the future. But most important let's put ourselves to work to take new steps collectively," Smith said.
Worries about AI
Smith also expressed concerns about the use of AI and machine learning technologies, holding that they are useful tools that could evolve into harmful threats.
He again used Wargames, a fictional movie about how a high school-aged hacker broke into an automated military computer system to play games that inadvertently brought the US to the brink of a nuclear war, as an example of the dangers of humanity surrendering too much control to computers.
The SolarWinds cyberattack is a clear indicator that technology is outpacing the ability of humans to exercise control, he said, noting that users of AI and machine learning must put up "new guardrails" to maintain that control.
"Technology has no conscience, but people do," Smith said. "And as an industry, we must exercise our conscience. We will decide if technology is used for good or for ill."
Data center tour
Smith's keynote was also marked by a virtual tour of the Microsoft data center campus in Quincy, Washington, that contains more than 20 buildings filling more than 2 million square feet over 300 acres and providing enough storage for 50,000 Libraries of Congress.
He said it represents critical digital infrastructure that likewise needs to be protected from all sorts of intrusion.
"I've just spared you not just a metal detector but what is probably the longest substantial security checkpoint you'll ever find on planet Earth," Smith boasted as he welcomed the camera in.
Microsoft's data centers are pretty green, and about to get greener. Running on diesel fuel today, each generator gives out less emissions than a typical lawnmower. But the plan in coming years is to replace them with generators that run on hydrogen or are powered by advanced fuel cells, Smith said.
- Russia-linked cyber group hacks US government agencies
- T-Mobile hacked again
- In 2021, as you work from home hackers eye your IoT
— Jeff Baumgartner, Senior Editor, Light Reading