n April, 34 tech companies announced that they had signed an agreement vowing to help strengthen cybersecurity
globally by adopting core principles to combat attacks. The firms included some of the largest in the industry, among them Facebook, Microsoft, SAP, Oracle and HP.
Coincidentally, that same week the United States and the United Kingdom issued an apparently unprecedented joint warning about Russian cyberattacks that threatened both the public and private sectors.
The tech agreement and the warning vividly demonstrated the growing attraction of alliances to respond to the ever-escalating cyberwars.
Microsoft took the lead in crafting the Cybersecurity Tech Accord. In a blog posted on April 17, the day of the announcement, Brad Smith, Microsoft’s president and chief legal officer, wrote that the idea grew out of his call for action at the RSA conference in San Francisco last year.
“We recognized that supporting an open, free and secure internet is not just the responsibility of individual companies, like ourselves, but a responsibility that must be shared across the entire tech sector and with governments,” Smith wrote.
“But as we also said at RSA last year,” he continued, “the first step in creating a safer internet must come from our own industry, the enterprises that create and operate the world’s online technologies and infrastructure.”
The companies represented are not all American and do not include all of the big tech firms. In addition to Germany’s SAP, the Finnish company Nokia is a signatory, as is Spain’s Telefónica. But the list does not include Apple, Google or Amazon. At least not yet.
The agreement itself is anchored in four pledges:
•We will protect all of our users and customers everywhere. •We will oppose cyberattacks on innocent citizens and enterprises from anywhere. •We will help empower users, customers and developers to strengthen cybersecurity protection. •We will partner with each other and with like-minded groups to enhance cybersecurity.
The brief document elaborates on each. The companies say that they will develop products that prioritize privacy and security while reducing vulnerabilities. They will “not help governments launch cyberattacks against innocent citizens and enterprises from anywhere.” And they will “work with each other and will establish formal and informal partnerships with industry, civil society and security researchers” to coordinate “vulnerability disclosure and threat sharing.”
Smith emphasized the importance of collaboration when he spoke about the agreement to The New York Times. Companies like his are often “first responders” when cyberattacks hit their customers, he said.
“This has become a much bigger problem,” he added, “and I think what we have learned in the past few years is that we need to work together in much bigger ways.”