The 34 signatories also promised to combat the exploitation of technology products during their development stage.
Microsoft has joined fellow tech giants Arm, Cisco, Facebook, Github, Nokia and 28 others to sign a joint Cybersecurity Tech Accord – which includes a promise not to help any government launch cyberattacks “against innocent citizens and enterprises”.
The 35 signatories also pledged to protect against “exploitation of technology products and services during their development, design, distribution and use.”
(The statement may be a reference to growing concern over backdoors being built into hardware and software by government agencies, whether domestic or foreign.)
In a blog published today, Microsoft CEO Brad Smith said: “A year ago we called on the world to borrow a page from history in the form of a Digital Geneva Convention… the first step in creating a safer internet must come from our own industry [however], the enterprises that create and operate the world’s online technologies and infrastructure.”
He added: “Many others in the industry wanted to come together to protect and defend our collective customers. [This] is an important step that already has broad support from many of the tech sector’s leaders and cybersecurity firms. And in the coming weeks and months, we are confident that these numbers will grow further.”
Notable by their absence were tech heavyweights Google, Twitter, Amazon and Apple.
The accord remains thin on detail; if thick with heavyweight signatories, who also include Avast! Cisco, FireEye and Symantec.
Participants plant to hold their first meeting during the security-focussed RSA Conference, and will focus on capacity building and collective action.
Brad Smith said: “The success of this alliance is not just about signing a pledge, it’s about execution. That’s why today is just an initial step and tomorrow we start the important work of growing our alliance and take effective action together.”
The accord is crucial given rapid growth of the Internet of Things, other signatories noted. “[It] will help to protect the integrity of the one trillion connected devices we expect to see deployed within the next 20 years,” Arm’s General Counsel Carolyn Herzog said, adding: “It aligns the resources, expertise and thinking of some of the world’s most important technology companies to help to build a trusted foundation for technology users who will benefit immensely from a more security connected world.”
Russian Threat Backdrop
The Accord was signed a day after the UK’s National Cyber Security Centre (NCSC) and US’s Department of Homeland Security (DHS) issued an unprecedented joint technical alert – alongside the Federal Bureau of Investigation (FBI) – detailing malicious cyber activity “carried out by the Russian government”.
This is aimed primarily at government and private-sector organisations, critical infrastructure providers, and the internet service providers (ISPs) supporting these sectors, they said. The alert, posted late Monday (April 16) evening, said the exploits are directed at network infrastructure devices worldwide such as routers, switches, firewalls, and the Network Intrusion Detection System (NIDS).
All network device vendors, ISPs, public sector organisations, private sector corporations and even small businesses should read the alert and act on the recommended mitigation strategies, the agencies urged. ed