Issues & Insights

A ‘Digital Geneva Convention’ Won’t Stop Cyber-Terrorism

A cyber-weapon developed by the National Security Agency boomerangs after getting stolen, in all likelihood by Russia. After being used in ransomware attacks on U.S. businesses, “EternalBlue” is now crippling the computer systems of multiple American cities.

The big tech companies’ recommended strategy for preventing future attacks that could go much further, seriously threatening national security? An international disarmament summit – no great surprise considering the ideological proclivities of these trendy firms, like Microsoft, Google and Facebook.

But diplomats negotiating signatures onto pieces of paper never succeeded in disarming nuclear tyrants or terrorists, whether they were Communists or jihadists. And they won’t pacify cyber-attackers targeting the free world.

The lead story in the Sunday New York Times reveals that NSA’s compromised EternalBlue “exploit,” the term such cyber-weapons go by in hacking jargon, was a “key component of the malware that cybercriminals used in the attack” recently on the Baltimore city government computer system. And that “cybercriminals are zeroing in on vulnerable American towns and cities, from Pennsylvania to Texas, paralyzing local governments and driving up costs.”

Attacks with the NSA’s stolen software weapon are now in the hundreds of thousands per day. And three years after the agency breach, and two years after Microsoft repaired the vulnerability in its software that facilitated EternalBlue’s design, systems that are vulnerable remain “widespread even to this day.”

We can blame the NSA, or the U.S. intelligence community as a whole, for another blunder, like the CIA confidently reporting that Moscow was at least four years away from building an atomic bomb even as the evidence that the Soviets had tested one in August, 1949 was being analyzed. Or failing to foresee India’s joining of the nuclear weapons club in 1998.

Unnamed officials told the Times more accountability within the NSA was needed, comparing the EternalBlue fiasco to leaving a warehouse of automatic weapons unguarded. We must not, however, blame our national security establishment for designing weapons in this newest realm of warfare, perhaps the most challenging theater of conflict we’ve every faced. Or demand that the U.S. government “exercise restraint in developing cyber weapons,” one of the tenets of Microsoft president Brad Smith’s proposed “Digital Geneva Convention.”

Terrorists Defy Treaties

Smith’s idea, floated in early 2017, of filling a room with international experts and “hammering out exactly what will and will not be allowed in cyberwarfare” is no new obsession for some on the left.

French President Emmanuel Macron’s similar “Paris Call for Trust and Security in Cyberspace has garnered 50 counties as signatories, plus the support of Google, Facebook, and Microsoft. Conspicuously absent, naturally, are China, Iran, North Korea, and Russia, the nations that commit cyberwarfare against the free world, and would use such weapons to cripple us if they could without consequence.

In touting his Digital Geneva, Smith naively endorsed “key principles that bar governments from engaging in malicious activity using information and communications technology or similarly damaging other nations’ critical infrastructure.” But for almost every country, this is tantamount to barring snowball making in Equador. For the handful of offenders at whom the principles are aimed, it’s like barring pyromaniacs from lighting matches.

One of Smith’s worst precepts is “We should pledge that we’ll continue to take no efforts to assist in offensive actions anywhere.” So cyber-weapons like Stuxnet, which successfully prevented Iran from building a nuclear bomb, never be used against deadly adversaries? You might as well have Boeing pledge not to build F-15s.

On the positive side, Smith suggests that “technical experts from across governments, the private sector, academia and civil society … examine specific attacks and share the evidence showing that a given attack was by a specific nation-state.” Although it’s debatable whether this must be in the form of a cyber version of the United Nations’ International Atomic Energy Agency, as he believes.

One If By Land, Two If By Cyber

The threat is real, and it is growing. China, for instance, at the close of 2015 established a branch of its People’s Liberation Army dedicated to cyber-warfare, the Strategic Support Force (SSF). The Defense Intelligence Agency this year reported that the SSF “may be the first step in the development of a cyber-force by combining cyber-reconnaissance, cyber-attack, and cyber-defense capabilities into one organization to reduce bureaucratic hurdles and centralize command and control of PLA cyber units.”

For decades we’ve been warned of the dangers of a nuclear-triggered electronic pulse devastating our national infrastructure. But chew on this hypothetical scenario for a moment: cyber-terrorists, maintaining watertight secrecy, fully prepare a powerful computer worm to be released on Election Day, November 3, 2020. It will render inoperative, say, 60 percent of the local vote-tallying computer systems in the country.

The majority of the votes cast for President and various House races, most of the U.S. Senate races taking place next year, and various state and local offices would be rendered uncountable for the short term. The nation would be propelled into weeks if not months of recount chaos as back-up paper ballots are scrutinized. January 20th, 2021, Inauguration Day, might come around with Americans still not knowing who their President is supposed to be. And of course, throughout the pandemonium, the establishment media would be accusing Donald Trump of exploiting the crisis to steal re-election.

A cyber version of Yalta, or Barack Obama and John Kerry’s Iran nuclear deal, is not the answer. What is is the ability and will of the West to use force, of any and every kind, against states that sponsor or orchestrate cyber attacks. And we must make it plain to one and all that we view computer attacks against us as akin to conventional land, air or sea attacks – with all of those options open to us in defending ourselves.

Instead of a Digital Geneva Convention we should be seeking instruments of digital surrender from such adversaries. They can send them via email.

We Could Use Your Help

Issues & Insights was founded by seasoned journalists of the IBD Editorials page. Our mission is to provide timely, fact-based reporting and deeply informed analysis on the news of the day -- without fear or favor.

We’re doing this on a voluntary basis because we believe in a free press, and because we aren't afraid to tell the truth, even if it means being targeted by the left. Revenue from ads on the site help, but your support will truly make a difference in keeping our mission going. If you like what you see, feel free to visit our Donations Page by clicking here. And be sure to tell your friends!

You can also subscribe to I&I: It's free!

Just enter your email address below to get started.


Thomas McArdle

Tom McArdle @MacArdghail, longtime Senior Writer for Investor's Business Daily, was a White House Speechwriter for President George W. Bush, National Political Reporter for Washington political columnists Rowland Evans and Robert Novak, Managing Editor of Human Events, and has worked as a writer for CNN and the Catholic League for Religious and Civil Rights. His work has appeared in National Review, the American Spectator, The Hill, the Washington Examiner, Newsmax, and the National Catholic Register. He has appeared on Fox News and numerous talk radio programs. He is a graduate of Trinity College, Dublin, M. Stanton Evans' National Journalism Center in Washington, Cardinal Hayes High School in the Bronx, and at 17 was one of Curtis Sliwa's original "Magnificent 13" Guardian Angels.


  • Superb and very important article. U.S. policymakers must heed the message, “Terrorists Defy Treaties.”

  • The stable solution to the iterated prisoners’ dilemma is Tit-for-Tat. Start with a green. Thereafter play whatever the counterparty played the turn prior. Trusting, retaliatory, forgiving and transparent. Axelrod proved that.
    In this case, destroy cyber-terrorists. If unidentified, then destroy sponsoring states. Only need to do that once and the rest will de-louse their sovereign territories.

About Issues & Insights

Issues & Insights is run by the seasoned journalists behind the legendary IBD Editorials page. Our goal is to bring our decades of combined journalism experience to help readers understand the top issues of the day. We’re doing this on a voluntary basis, because we believe the nation needs the kind of cogent, rational, data-driven, fact-based commentary that we can provide. 

We Could Use Your Help

Help us fight for honesty in journalism and against the tyranny of the left. Issues & Insights is published by the editors of what once was Investor's Business Daily's award-winning opinion pages. If you like what you see, leave a donation by clicking on donate button above. You can also set up regular donations if you like. Ad revenue helps, but your support will truly make a difference. (Please note that we are not set up as a charitable organization, so donations aren't tax deductible.) Thank you!