Facebook, Microsoft and 32 other major technology companies have signed a Cybersecurity Tech Accord to protect people from cybercrime.
The agreement makes a number of promises that the signatories hope will protect consumers and businesses from an ever-growing wave of cybercrime. This includes refusing to collaborate with governments on cyberattacks.
Cynics reading may note some fairly large omissions from the list, such as Apple, Amazon, Google and Twitter. They may also consider the inclusion of Facebook to be somewhat incongruous given its recent troubles.
The companies that are involved, which includes major players in technology and security such as Oracle, HPE, VMWare and Cisco, operate a significant proportion of the world’s internet communication and information infrastructure.
At the RSA Conference in San Francisco, bosses at these firms have agreed to put the principles, which amount to a ‘Digital Geneva Convention’, into action.
These principles are summed up in four key points – ‘stronger defence, no offense, capacity building and collective action.’
Perhaps the most significant of these points is the ‘no offense’ principles, which states that these companies ‘will not help governments launch cyberattacks and will protect against tampering or exploitation of their products and services through every stage of technology development, design and distribution.’
Stronger defence means that members of the accord will ‘protect all customers globally regardless of the motivation for attacks online.’ The final two points refer to providing resource and the opportunity to developers to find ways of protecting against cyberattacks, while ‘collective action’ stipulates that these companies will work together, as well as with other organisations and researchers to reach their goals.
Microsoft president Brad Smith said: “The devastating attacks from the past year demonstrate that cybersecurity is not just about what any single company can do but also about what we can all do together. This tech sector accord will help us take a principled path toward more effective steps to work together and defend customers around the world.”
Despite the omission of some major names, reaction from the industry has been positive. Eve Salomon, chair of Privacy International, commented: “The focus on defensive security is welcome in a climate where governments around the world are focused on increasing offensive capabilities, such as hacking for surveillance, which poses unique and grave threats to everyone’s privacy and security.
“We hope this line in the sand from industry will signal to governments that ramping up offensive capabilities at the expense of defensive capabilities and expertise is the wrong approach to cyber security.”
A spokesperson for the Cyber Threat Alliance mirrored those sentiments, saying: “As cyber threats continue to worsen and our digital dependence grows, organizations of all sizes and geographies need to incorporate cybersecurity more thoroughly into their business operations, products, and services, particularly those with the capability to protect other end-users. We believe the Accord is a positive step forward for the industry.”
Those involved in the accord acknowledge the amount of work still to be done and say that their first meeting will focus on building capacity and taking collective action.