Thirty eight companies, including Microsoft, Facebook, Dell, and Oracle, have signed an accord to develop long-term, wide-reaching cyber-security akin to a “Digital Geneva Convention.”
Among the signatories of the new the Cybersecurity Tech Accord are Arm, Dell, Facebook, Cisco, HPE, Microsoft, and Trend Micro. The pact was signed at the RSA Conference in San Francisco on Tuesday.
The accord comprises four key principles. First, the companies promise to first protect all users, “whether they be individuals, organisations or governments and irrespective of their technical acumen, culture, location or the motives of the attacker, whether criminal or geopolitical.”
The organisations will also “oppose cyber-security attacks on innocent citizens and enterprises from anywhere,” which includes a pledge to “not help governments launch cyber-attacks.”
Third, the firms promise to empower users, customers and developers to strengthen cyber-security protection” by providing more information and tools.
The companies will also will “establish formal and informal partnerships with industry, civil society and security researchers” in order to “improve technical collaboration, coordinated vulnerability disclosure and threat sharing, as well as to minimise the levels of malicious code being introduced into cyber-space.”
The signatories will also “encourage global information sharing and civilian efforts to identify, prevent, detect, respond to and recover from cyber-attacks and ensure flexible responses to security of the wider global technology ecosystem.”
Kevin Simzer, chief operating officer at Trend Micro, said that the “The real-world consequences of cyber-threats have been repeatedly proven. As an industry, we must band together to fight cyber-criminals and stop future attacks from causing even more damage.”
Carolyn Herzog, general counsel of Arm, said that the accord will “help to protect the integrity of the one trillion connected devices we expect to see deployed within the next 20 years.”
In a blog post, Microsoft president Brad Smith said that the success of this alliance is “not just about signing a pledge, it's about execution”.
“That's why today is just an initial step and tomorrow we start the important work of growing our alliance and take effective action together,” he said. “Protecting our online environment is in everyone's interest. The companies that are part of the Cybersecurity Tech Accord promise to defend and advance technology's benefits for society. And we commit to act responsibly, to protect and empower our users and customers, and help create a safer and more secure online world.”
“We believe our membership in the Microsoft Intelligent Security Association is a huge win for our mutual customers and prospects,” said Chuck Leaver, CEO of Ziften. “As security vendors, we all recognise the need to cooperate and collaborate to protect our customers and their employees. Kudos to Microsoft for leading this industry effort. The days of siloed endpoint security tools that provide only incomplete, point-in-time data exposing organisations to unacceptable risks and unnecessary costs is ending. Together, we help security teams to address today's visibility, security and control challenges at the endpoint and in the cloud.”
Guy Bunker, SVP of products at Clearswift, told SC Media UK that the cynical view would be that this is a marketing stunt.
“The reality is that while there is legislation appearing across the globe to protect citizens (for example, EU GDPR), these are all aimed at organisations who use technology, rather than something for those who create it,” he said.
“The IT world has always created standards and consortiums for the greater good - and this is just that. By coming together, a new set of standards will be created which should result in better ‘joined up' security for those who use technology from the different vendors. For the wider industry, this is about making everybody safer when sharing information and increasing cooperation where applicable.”
Amit Yoran, CEO, Tenable, told SC Media UK that the growing threat of cyber-attacks and offensive cyber- weapons endangers all of us, from consumers and private businesses to government agencies.
“As cyber-security professionals, we have a social responsibility to protect everyone online and support foundational cyber-hygiene practices among private citizens and organisations of all sizes. We're focused on empowering organisations everywhere to understand and reduce their cyber-security risk. That's always been our mission as an organisation, and this Accord solidifies that commitment,” he said.