Microsoft, Facebook and Symantec are among 34 companies pledging not to help governments launch cyberattacks
More than 30 technology companies have signed the Cybersecurity Tech Accord, making a number of pledges relating to cyberattacks. Microsoft, Facebook, Dell, HP and LinkedIn are just a few of the companies signing on the dotted line, promising -- among other things -- never to help a government launch cyberattacks against innocent citizens and enterprises.
The overall aim of the accord is to protect customers against malicious attacks by cybercriminal enterprises and nation-states. It is described as a "watershed agreement", and it sees a number of very big names coming together -- although there are a few notable exceptions.
Missing from the list are the likes of Apple and Google, but that's not to say they won't participate at some point in the future. The full list of companies that are signed up reads as follows: ABB, Arm, Avast, Bitdefender, BT, CA Technologies, Cisco, Cloudflare, DataStax, Dell, DocuSign, Facebook, Fastly, FireEye, F-Secure, GitHub, Guardtime, HP Inc., HPE, Intuit, Juniper Networks, LinkedIn, Microsoft, Nielsen, Nokia, Oracle, RSA, SAP, Stripe, Symantec, Telefonica, Tenable, Trend Micro and VMware.
Microsoft president Brad Smith says that in the wake of cyberattacks, the company last year proposed a new defense mechanism:
We recognized that supporting an open, free and secure internet is not just the responsibility of individual companies, like ourselves, but a responsibility that must be shared across the entire tech sector and with governments.
We called on the world to borrow a page from history in the form of a Digital Geneva Convention, a long-term goal of updating international law to protect people in times of peace from malicious cyberattacks. But as we also said at RSA last year, the first step in creating a safer internet must come from our own industry, the enterprises that create and operate the world’s online technologies and infrastructure.
The Cybersecurity Tech Accord sees like-minded companies coming together to offer protection and reassurance.
There are four key principles at the heart of the accord, which Smith sets out:
- The first principle is that we will protect all of our users and customers everywhere, whether they be individuals, organizations or governments and irrespective of their technical acumen, culture, location or the motives of the attacker, whether criminal or geopolitical. As an industry, we have pledged today that we will design, develop and deliver products and services that prioritize security, privacy, integrity and reliability, and in turn reduce the likelihood, frequency, exploitability and severity of vulnerabilities. This includes stronger protections of democratic institutions and processes around the world.
- The second principle we have endorsed is that we will oppose cyberattacks on innocent citizens and enterprises from anywhere. As we have stated in the Tech Accord, we will protect against tampering with and exploitation of technology products and services during their development, design, distribution and use. We will not help governments launch cyberattacks against innocent citizens and enterprises.
- Third, we will empower users, customers and developers to strengthen cybersecurity protection. One of the conclusions that has emerged over the last year is, not surprisingly, that within any security scenario, you're only as strong as the weakest link. Securing the world’s computer network requires all of us to recognize the need to increase the capability and resilience of the world's computer networks. We'll do this by providing our users, customers and the wider developer ecosystem with more information and better tools that enable them to understand current and future threats and protect themselves against them. We will also support civil society, governments and international organizations in their efforts to advance security in cyberspace and build cybersecurity capacity in developed and emerging economies alike.
- And last, we will partner with each other and with like-minded groups to enhance cybersecurity. We'll work with one another to establish formal and informal partnerships with industry, civil society and security researchers, across proprietary and open source technologies to improve technical collaboration, coordinated vulnerability disclosure and threat sharing, as well as to minimize the levels of malicious code being introduced into cyberspace. In addition, we will encourage global information sharing and civilian efforts to identify, prevent, detect, respond to and recover from cyberattacks and ensure flexible responses to security of the wider global technology ecosystem.
More information is available on the Cybersecurity Tech Accord website.