RSAC 2018: Tech Giants Form Cybersecurity Tech Accord

SAN FRANCISCO – Microsoft President Brad Smith during a keynote at the 2018 RSA Conference condemned government-backed cyberattacks as endangering innocent civilian’s lives – and said that tech companies need to come together to “open the world’s eyes to the impact that this is having.”

At this year’s conference, 34 companies – including Microsoft, Facebook, and HPE – announced a Cybersecurity Tech Accord. Smith likened it to a Digital Geneva Convention where members would work together on cybersecurity issues and pledged their opposition against all cyberattacks by governments.

Smith pointed to the WannaCry and NotPetya attacks – the destructive campaigns that impacted computers across 150 countries – as an example of attacks that not only crippled civilians’ systems, but also disrupted citizens’ daily lives.

“This is a sobering time. When World War II  ended, governments of the world pledged a moral responsibility and legal duty to protect civilians in the time of war. Then in May and June of last year, we saw governments attacking civilians in a time of peace,” said Smith.  “We have a message to the governments of the world – that’s an attack that endangers people’s lives.”

The WannaCry ransomware, which is estimated to have infected more than 300,000 systems across 150 countries, demanded a ransom of $300 for the decryption key. The attack broke out in May – then in June 2017, another massive ransomware campaign hit several companies across Ukraine, including a number of Ukraine banks and the state power distributor.

The WannaCry attacks were later officially blamed on North Korea by the U.S. government.

These attacks not only brought down computer systems, but paralyzed hospital customers appointments, crippled banks and had the potential to shut down power grids, said Smith.

In response to attacks, the 34 tech firms have signed an accord pledging both to oppose governments launching cyberattacks against civilians, but also committing to protect all their customers with new tools and products and working together in addressing security.

These companies include ABB, Arm, Cisco, Facebook, HP, HPE, Microsoft, Nokia, Oracle, and Trend Micro. Others, such as Apple and Google, were not on the list.

“The companies will not help governments launch cyberattacks against innocent citizens and enterprises, and will protect against tampering or exploitation of their products and services through every stage of technology development, design and distribution,” the accord said.

Kirstjen Nielsen, Secretary of the Department of Homeland Security, agreed that governments “need norms” when it comes to cybersecurity. Nielson said that the guidelines of the accord “perfectly align” with those of DHS.

“The threats today are too big, too widespread to fight alone,” she said. “We have to voluntarily come together in the absence of true rules in the cyberrealm.”

According to Microsoft, the companies that signed the accord will take future actions – including jointly developed guidelines or new security features.

“We need governments to stop targeting the public sector, hospitals, and power grids… we need to make the world a safer place,” said Smith.   “This requires that we not only do more [to address security risks] but do more together.”