Following its call earlier this year for a Digital Geneva Convention, to address the growing threat of state sponsored cyber attacks. Microsoft released a paper about cyber security norms for nation-states and the global information and communications technology (ICT) industry.
Of particular note is the paper’s call for the equivalent of an International Atomic Energy Agency (IAEA) to conduct attribution analysis in the area of cyber attacks.
At its core, this organization would consist of technical experts from across governments, the private sector, academia, and civil society with the capability to examine tactics, techniques, and procedures used by nation-state attackers, as well as indicators of compromise that suggest a given attack was by a nation-state. Its essential output would be a technical analysis of the attack and evidence of attribution.
This could prevent potential offline retaliatory measures based on inaccurate attribution measures.
The study also outlined six cyber-security norms that nation states and global IT and telecommunications sectors should follow which are outlined below.