A look into the past reveals that continuous developments in weaponry technology have been the reason for arms control conventions and bans. The banning of the crossbow by Pope Urban II in 1096, because it threatened to change warfare in favour of poorer peasants, the banning of poisoned bullets in 1675 by the Strasbourg Agreement, and the Geneva protocol banning the use of biological and chemical weapons in 1925 after world war 1, all prove that significant technological developments have caused the world to agree not to use certain weapons.

Today, another technology, the cyberspace, poses a new and unique threat. Unlike in the past where there was a separate battlefield, free of civilians, the cyberspace is us, everyone using the Internet. We have seen cyber threats evolve from criminals trying out new ways of robbery and extortion to nations states increasing interested and carrying out cyber attacks. Attacks like those on Sony Pictures in 2014, just because they exercised freedom of speech, the Russian attack on the Ukranian power grid in 2015 and even the 2016 cyber attack on the American political system are testaments to this fact.

With 4 billion users and multi-million dollar businesses depending on the Internet ecosystem, policies that preserve the open, stable and secure Internet is important. That is why Microsoft president, Brad Smith called for a digital Geneva Convention earlier this year. If the Microsoft President’s claim, that “74 percent of the world’s businesses expect to be hacked each year” are indeed true, then the private sector has reason to worry. A digital Geneva convention to protect civilians on the Internet where the private sector is neutral and first responders is necessary. A convention that mandates nations not to cyberattack the private sector nor a nation’s critical infrastructure. And just like it was resolved in the 1949 Geneva convention for a neutral and independent organization to ensure humanitarian protection and assistance in times of war and conflict, the digital convention should bring together actors from public and private sectors to create a neutral and independent organization that can investigate and attribute attacks to specific nations. Publicly sharing such information might deter nations from engaging in attacks.

A lot of progress has already been made by companies like Google, Microsoft and Amazon in fighting cyberattacks especially in areas like spam and phishing attacks but more still needs to be done. A collaborative effort from the private sector will achieve a lot more as first responders to nation-states cyberattacks. A commitment of a hundred percent defense and zero offense by the tech industry—as recommended by the Microsoft President, must be collectively made.