Top tech firms pledge not to help governments launch cyberattacks
34 global technology and security companies have pledged not to aid governments launch cyberattacks and to protect all customers regardless of nationality, geography or attack motivation.
The Cybersecurity Tech Accord
The Cybersecurity Tech Accord is a watershed agreement among the largest-ever group of companies agreeing to defend all customers everywhere from malicious attacks by cybercriminal enterprises and nation-states.
The 34 companies include ABB, Arm, Avast, Bitdefender, BT, CA Technologies, Cisco, Cloudflare, Datastax, Dell, DocuSign, Facebook, Fastly, FireEye, F-Secure, GitHub, GuardTime, HP Inc, HPE, Intuit, Juniper Networks, LinkedIn, Microsoft, Nielsen, Nokia, Oracle, RSA, SAP, Stripe, Symantec, Telefonica, Tenable, TrendMicro, and VMWare.
“The devastating attacks from the past year demonstrate that cybersecurity is not just about what any single company can do but also about what we can all do together.” said Microsoft President Brad Smith. “This tech sector accord will help us take a principled path towards more effective steps to work together and defend customers around the world.”
The companies made commitments in four areas.
Stronger defense
The companies will mount a stronger defense against cyberattacks. As part of this, recognizing that everyone deserves protection, the companies pledged to protect all customers globally regardless of the motivation for attacks online.
No offense
The companies will not help governments launch cyberattacks , and will protect against tampering or exploitation of their products and services through every stage of technology development, design and distribution.
Capacity building
The companies will do more to empower developers and the people and businesses that use their technology, helping them improve their capacity for protecting themselves. This may include joint work on new security practices and new features the companies can deploy in their individual products and services.
Collective action
The companies will build on existing relationships and together establish new formal and informal partnerships with industry, civil society and security researchers to improve technical collaboration, coordinate vulnerability disclosures, share threats and minimize the potential for malicious code to be introduced into cyberspace.
The companies may have adhered to some or all of these principles prior to the accord, or may have adhered without a public commitment but this agreement represents a public shared commitment to collaborate on cybersecurity efforts.
“The real world consequences of cyber threats have been repeatedly proven. As an industry, we must band together to fight cybercriminals and stop future attacks from causing even more damage,” said Kevin Simzer, Chief Operating Officer, Trend Micro.
The victims of cyberattacks are businesses and organizations of all sizes, with economic losses expected to reach $8 trillion by 2022. Recent cyberattacks have caused small businesses to shutter their doors, hospitals to delay surgeries and governments to halt services, among other disruptions and safety risks.
The Tech Accord will help to protect the integrity of the one trillion connected devices we expect to see deployed within the next 20 years,” said Carolyn Herzog, General Counsel, Arm. “It aligns the resources, expertise and thinking of some of the world’s most important technology companies to help to build a trusted foundation for technology users who will benefit immensely from a more security connected world.”
Companies that signed the accord plan will hold their first meeting during the security-focused RSA Conference 2018 taking place in San Francisco. Future actions may include jointly developed guidelines or broadly deployed features, as well as information sharing and partnering to combat specific threats to make the online world a safer place for people and businesses everywhere — and uphold the promise and benefit technology offers society.
“The success of this alliance is not just about signing a pledge, it’s about execution. That’s why today is just an initial step and tomorrow we start the important work of growing our alliance and take effective action together,” Smith concluded.
The Tech Accord remains open to consideration of new private sector signatories, large or small and regardless of sector, who are trusted, have high cybersecurity standards and will adhere unreservedly to the Accord’s principles.