Last year at the RSA Conference in San Francisco, in the wake of escalating cyberattacks by criminal organizations and nation states – and just a few months before WannaCry and NotPetya crippled enterprises around the world – Microsoft called for bold new measures to defend and protect technology users around the world. We recognized that supporting an open, free and secure internet is not just the responsibility of individual companies, like ourselves, but a responsibility that must be shared across the entire tech sector and with governments.
We called on the world to borrow a page from history in the form of a Digital Geneva Convention, a long-term goal of updating international law to protect people in times of peace from malicious cyberattacks. But as we also said at RSA last year, the first step in creating a safer internet must come from our own industry, the enterprises that create and operate the world’s online technologies and infrastructure.
Many others in the industry had similar ideas and wanted to come together to protect and defend our collective customers. And today, as this year’s RSA Conference begins in San Francisco, 34 global technology and security companies have done just that, signing a Cybersecurity Tech Accord to advance online security and resiliency around the world. It is an important step that already has broad support from many of the tech sector’s leaders and cybersecurity firms. And in the coming weeks and months, we are confident that these numbers will grow further.
The Tech Accord sets forth four principles:
The first principle is that we will protect all of our users and customers everywhere, whether they be individuals, organizations or governments and irrespective of their technical acumen, culture, location or the motives of the attacker, whether criminal or geopolitical. As an industry, we have pledged today that we will design, develop and deliver products and services that prioritize security, privacy, integrity and reliability, and in turn reduce the likelihood, frequency, exploitability and severity of vulnerabilities. This includes stronger protections of democratic institutions and processes around the world.
The second principle we have endorsed is that we will oppose cyberattacks on innocent citizens and enterprises from anywhere. As we have stated in the Tech Accord, we will protect against tampering with and exploitation of technology products and services during their development, design, distribution and use. We will not help governments launch cyberattacks against innocent citizens and enterprises.
Third, we will empower users, customers and developers to strengthen cybersecurity protection. One of the conclusions that has emerged over the last year is, not surprisingly, that within any security scenario, you’re only as strong as the weakest link. Securing the world’s computer network requires all of us to recognize the need to increase the capability and resilience of the world’s computer networks. We’ll do this by providing our users, customers and the wider developer ecosystem with more information and better tools that enable them to understand current and future threats and protect themselves against them. We will also support civil society, governments and international organizations in their efforts to advance security in cyberspace and build cybersecurity capacity in developed and emerging economies alike.
And last, we will partner with each other and with like-minded groups to enhance cybersecurity. We’ll work with one another to establish formal and informal partnerships with industry, civil society and security researchers, across proprietary and open source technologies to improve technical collaboration, coordinated vulnerability disclosure and threat sharing, as well as to minimize the levels of malicious code being introduced into cyberspace. In addition, we will encourage global information sharing and civilian efforts to identify, prevent, detect, respond to and recover from cyberattacks and ensure flexible responses to security of the wider global technology ecosystem.
The success of this alliance is not just about signing a pledge, it’s about execution. That’s why today is just an initial step and tomorrow we start the important work of growing our alliance and take effective action together.
Protecting our online environment is in everyone’s interest. The companies that are part of the Cybersecurity Tech Accord promise to defend and advance technology’s benefits for society. And we commit to act responsibly, to protect and empower our users and customers, and help create a safer and more secure online world.