Microsoft Leads Cybersecurity Tech Accord

In 2017, Microsoft CEO Brad Smith called for a Digital Geneva Convention to address the growing threat of state-sponsored cyber attacks.

The time has come to call on the world’s governments to come together, affirm international cybersecurity norms that have emerged in recent years, adopt new and binding rules and get to work implementing them. In short, the time has come for governments to adopt a Digital Geneva Convention to protect civilians on the internet.

While the idea gained little traction, this year Smith used this year’s RSA Conference in San Francisco to announce an accord among leading tech companies. In a blog post, Smith explained:

But as we also said at RSA last year, the first step in creating a safer internet must come from our own industry, the enterprises that create and operate the world’s online technologies and infrastructure.

Many others in the industry had similar ideas and wanted to come together to protect and defend our collective customers. And today, as this year’s RSA Conference begins in San Francisco, 34 global technology and security companies have done just that, signing a Cybersecurity Tech Accord to advance online security and resiliency around the world. It is an important step that already has broad support from many of the tech sector’s leaders and cybersecurity firms. And in the coming weeks and months, we are confident that these numbers will grow further.

The accord has four pillars:

WE WILL PROTECT ALL OF OUR USERS AND CUSTOMERS EVERYWHERE
WE WILL OPPOSE CYBERATTACKS ON INNOCENT CITIZENS AND ENTERPRISES FROM ANYWHERE
WE WILL HELP EMPOWER USERS, CUSTOMERS AND DEVELOPERS TO STRENGTHEN CYBERSECURITY PROTECTION
WE WILL PARTNER WITH EACH OTHER AND WITH LIKEMINDED GROUPS TO ENHANCE CYBERSECURITY

The announcement came a day after a joint U.S./U.K. announcement of Russian cyber attacks against government and private organizations as well as individual homes and offices in both countries, a milestone in the escalating use of cyberweaponry between major powers.

The full accord and 34 signatories are listed below:

Cybersecurity Tech Accord

Protecting Users and Customers Everywhere

The online world has become a cornerstone of global society, important to virtually every aspect of our public infrastructure and private lives. As we look to the future, new online technologies will do even more to help address important societal challenges, from improving education and healthcare to advancing agriculture, business growth, job creation, and addressing environmental sustainability. Recent events, however, have put online security at risk. Malicious actors, with motives ranging from criminal to geopolitical, have inflicted economic harm, put human lives at risk, and undermined the trust that is essential to an open, free, and secure internet. Attacks on the availability, confidentiality, and integrity of data, products, services, and networks have demonstrated the need for constant vigilance, collective action, and a renewed commitment to cybersecurity.

Protecting our online environment is in everyone’s interest. Therefore we – as enterprises that create and operate online technologies – promise to defend and advance its benefits for society. Moreover, we commit to act responsibly, to protect and empower our users and customers, and thereby to improve the security, stability, and resilience of cyberspace.

To this end, we are adopting this Accord and the principles below:

1. WE WILL PROTECT ALL OF OUR USERS AND CUSTOMERS EVERYWHERE.

We will strive to protect all our users and customers from cyberattacks – whether an individual, organization or government – irrespective of their technical acumen, culture or location, or the motives of the attacker, whether criminal or geopolitical.
We will design, develop, and deliver products and services that prioritize security, privacy, integrity and reliability, and in turn reduce the likelihood, frequency, exploitability, and severity of vulnerabilities.

2. WE WILL OPPOSE CYBERATTACKS ON INNOCENT CITIZENS AND ENTERPRISES FROM ANYWHERE.

We will protect against tampering with and exploitation of technology products and services during their development, design, distribution and use.
We will not help governments launch cyber attacks against innocent citizens and enterprises from anywhere.

3. WE WILL HELP EMPOWER USERS, CUSTOMERS AND DEVELOPERS TO STRENGTHEN CYBERSECURITY PROTECTION.

We will provide our users, customers and the wider developer ecosystem with information and tools that enable them to understand current and future threats and protect themselves against them.
We will support civil society, governments and international organizations in their efforts to advance security in cyberspace and to build cybersecurity capacity in developed and emerging economies alike.

4. WE WILL PARTNER WITH EACH OTHER AND WITH LIKEMINDED GROUPS TO ENHANCE CYBERSECURITY.

We will work with each other and will establish formal and informal partnerships with industry, civil society, and security researchers, across proprietary and open source technologies to improve technical collaboration, coordinated vulnerability disclosure, and threat sharing, as well as to minimize the levels of malicious code being introduced into cyberspace.
We will encourage global information sharing and civilian efforts to identify, prevent, detect, respond to, and recover from cyber attacks and ensure flexible responses to the security of the wider global technology ecosystem.

To ensure a meaningful partnership is established through the implementation of the Tech Accord, we, the undersigned companies, will continue to define collaborative activities we will undertake to further this Accord. We will also report publicly on our progress in achieving these goals

Cybersecurity Tech Accord Signatories: