Facebook & Microsoft pledge not to aid government cyber attacks

Over 30 technology companies have signed a new accord, promising to protect all customers – citizens and businesses – from government or state agency cyber attack, regardless of nationality, location, or motive for the attack.

The Cybersecurity Tech Accord is “a public commitment among 34 global companies to protect and empower civilians online and to improve the security, stability, and resilience of cyberspace”, according to the new industry organisation.

The agreement is open to private sector signatories, large and small, who have high cybersecurity standards, are trustworthy, and will adhere to the accord.

In the face of increasing political uncertainty and growing criminal activities online, the likes of ABB, ARM, Cisco, Dell, Facebook, HP, Microsoft, Nokia, Oracle, SAP, and Trend Micro, which together power much of the world’s internet communications and data infrastructure, have come together to help keep the network free from political interference.

Facebook’s presence in the Accord may raise some eyebrows, given its recent involvement – unwitting or otherwise – with the Cambridge Analytica scandal, and the use of fake accounts by Russian troll farms to target marginal voters and social interest groups – moves that saw CEO Mark Zuckerberg grilled by Congress just days ago. This week, it also emerged that Facebook is facing a class action over user privacy because of its facility that allows users to tag other members’ photos without their permission.

The Cybersecurity Tech Accord follows four main principles. Adherents agree that:

  • We will protect all of our users and customers everywhere.
  • We will oppose cyberattacks on innocent citizens and enterprises from anywhere.
  • We will help empower users, customers and developers to strengthen cybersecurity protection.
  • We will partner with each other and with likeminded groups to enhance cybersecurity.

The signatories have also promised to define collaborative activities for fighting cyber attacks and to report publicly on their progress.

With the economic losses from cyber attacks on all types of organisations expected to reach $8 trillion by 2022, it’s vital that companies collaborate to combat the growing threat – as Kevin Simzer, Chief Operating Officer at Trend Micro, explained:

“The real-world consequences of cyber threats have been repeatedly proven. As an industry, we must band together to fight cybercriminals and stop future attacks from causing even more damage.”

Stronger together

The Cybersecurity Tech Accord follows a year that saw an unprecedented level of cyber attacks, at huge scale – such as the WannaCry worm, the NotPetya attack, and Industroyer.

Industroyer, a malware attack on Ukraine’s power grid, marked a growing trend in crucial infrastructure incidents and breaches. The Financial Times reported yesterday that executives from Britain’s energy companies have been warned to investigate future blackouts for signs of cyber attack.

As Reuters reports, Microsoft President Brad Smith led the initiative to facilitate more effective collective action. His speech on Tuesday, at the RSA cyber security conference in San Francisco, stressed the agreement’s importance:

“We’re living amidst a generation of new weapons, and where cyberspace has become the new battlefield. [The technology sector] needs to take a principled path toward more effective steps to work together and defend customers around the world.”

Amazon, Apple, Alphabet, and Twitter are among those conspicuous by their absence from the Accord. Their reasons for not signing the pledge to date are unclear.

Russian state-sponsored cyber attacks

The Cybersecurity Tech Accord was revealed just as the US Department of Homeland Security (DHS) announced signs of Russian state-sponsored cyber actors targeting network infrastructure devices.

The joint Technical Alert followed analysis by the DHS, FBI, and the UK’s National Cyber Security Centre (NCSC), and warns that, “targets are primarily government and private-sector organisations, critical infrastructure providers, and the Internet service providers (ISPs) supporting these sectors.”

The report provides network engineers with advice on detecting and mitigating such attacks, including what kinds of network traffic to watch out for. Preventative measures include not allowing unencrypted management protocols to enter an organisation from the internet, and disallowing internet access to the management interface of any network device.

Internet of Business says

At last year’s RSA conference, Smith introduced the idea of a “Digital Geneva Convention”, a body with the necessary backing and influence to protect civilians from state-sponsored hacking. The resulting Cybersecurity Tech Accord is as much about tech firms protecting their own interests as those of their customers.

As major technology companies grow in power and, importantly, the data they own or deploy grows too, they become increasingly susceptible to being leant on by governments and caught up in international games of influence and security. By clubbing together, they may be better able to resist such pressure.

As we look to the future, new online technologies will be central to addressing important societal challenges, from improving education and healthcare to advancing industry, agriculture, and job creation. In its position as a key means of human and machine communication, the internet is also vital to upholding free enterprise and speech.

On a more basic level, with critical infrastructure becoming more connected, the risk of cyber attacks bringing down electricity networks and dependent systems is very real. Our security news and analysis page is strongly recommended for keeping abreast of the current situation – not just in terms of critical threat news, but also our commitment to sharing solutions.