A coalition of leading tech companies on Tuesday made public a vow never to aid any government in offensive cyberwarfare, while also promising to increase information sharing about malicious code to stem the tide of cybercrime.
Microsoft, Cloudflare, Facebook, Github and Cisco are among the 34 major global technology and security companies that have signed on to the Cybersecurity Tech Accord, a multilateral pledge to work together and defend consumers against cybercrime.
“The real-world consequences of cyberthreats have been repeatedly proved,” said Kevin Simzer, chief operating officer at TrendMicro, which also signed the agreement. “As an industry, we must band together to fight cybercriminals and stop future attacks from causing even more damage.”
The agreement, which calls to “empower civilians online and to improve the security, stability and resilience of cyberspace,” promises that each company will avoid aiding governments in bolstering their offensive cyber-capabilities, as well as protect against government “tampering or exploitation” of products and services, from the development stage to distribution.
“We will not help governments launch cyberattacks against innocent citizens and enterprises from anywhere,” the accord states.
Notably, President Trump’s incoming national security advisor, John Bolton, has frequently argued in favor of launching sophisticated and aggressive cyberattacks against America’s digital adversaries—such as Russia, China, and Iran—often by citing Cold War nuclear-deterrence theory.
In February op-ed, Bolton advocated launching a “decidedly disproportionate” “retaliatory cyber campaign” against Russia to teach Moscow that the cost of meddling in US elections will be, he said, “so high that they will simply consign all their cyberwarfare plans to their computer memories to gather electronic dust.”
Alex Stamos, Facebook’s chief security officer, told Gizmodo that in signing on to the agreement, Facebook stood opposed to “any nation state or organization that tries to exploit technology and the people who try to use it.”
Additionally, the companies committed to mounting a stronger defense against malicious code; joining forces to roll out “new security practices and new features” for companies to deploy in their individual products and services; and to “improve technical collaboration, coordinate vulnerability disclosures, share threats and minimize the potential for malicious code to be introduced into cyberspace.”
The signatories said their first meeting would be held at the RSA security conference in San Francisco, which is taking place this week, and would focus on “capacity building and collective action.”