It’s all in the collaboration, said 34 heavyweight IT companies, which collectively on Tuesday promised to defend people worldwide from cyber attacks launched by criminal gangs and nation states. Without saying so, they publicly proclaimed enough is enough.
The collaborators termed their Cybersecurity Tech Accord a “watershed agreement” not only for its intent but also for the number of big players involved. Members include ABB, ARM, Cisco, Facebook, HP, HPE, Microsoft, Nokia, Oracle and Trend Micro, which as a group command the technologies that fuel internet communications and IT infrastructure.
If you’re searching, however, for behemoths Alphabet (i.e., Google), Amazon and Apple you won’t find them in this group. Could the world’s internet users not benefit from their inclusion? That goes without saying. No matter, this sort of thing has been done many times before on a wide range of issues but perhaps considering the nature of what’s on the line this one feels a bit different.
What's At Stake
Cyber crime now costs businesses roughly $600 billion worldwide, up nearly 35 percent since 2014, according to a recent report from McAfee and the Center for Strategic and International Studies. The staggering losses amount to 0.8 percent of global GDP. Cumulative losses from 2017 through 2022 could explode to $8 trillion by 2022, a Juniper Research report, cited by the new partners, projected.
“It is an important step that already has broad support from many of the tech sector’s leaders and cybersecurity firms. And in the coming weeks and months, we are confident that these numbers will grow further,” Microsoft President Brad Smith wrote in a blog post. He said the initiative was spurred on in part by the destructive WannaCry and NotPetya attacks.
In a separate and similar blog post Github's chief strategy officer Julio Avalos said that “protecting the internet is becoming more urgent every day as more fundamental vulnerabilities in infrastructure are discovered—and in some cases used by government organizations for cyberattacks that threaten to make the internet a theater of war.” He, too, called the Accord a “crucial step toward securing our future.”
Collectively, the companies committed to four principles:
- Mount a stronger defense against cyberattacks to protect all customers globally regardless of the motivation for attacks online.
- Refuse to help governments launch cyberattacks against innocent citizens and enterprises and will protect against tampering or exploitation of their products and services through every stage of technology development, design and distribution.
- Do more to empower developers and the people and businesses that use their technology, helping them improve their capacity for protecting themselves, including working together on new security practices and new features to deploy in their individual products and services.
- Build on existing relationships and together establish new formal and informal partnerships with industry, civil society and security researchers to improve technical collaboration, coordinate vulnerability disclosures, share threats and minimize the potential for malicious code to be introduced into cyberspace.
The signees said they are open to new private sector members of any size joining that will adhere to the Accord’s principles. “The success of this alliance is not just about signing a pledge, it’s about execution,” Smith said.
Companies that signed the pact plan to hold their first meeting during the RSA Conference in San Francisco this week. The associates also said they may jointly develop guidelines or broadly deployed features, as well as information sharing and partnering to combat specific threats. Their goal is to “uphold the promise and benefit technology offers society.”
In addition to the companies mentioned above, the full list of collaborators also includes: Avast, BitDefender, BT, CA Technologies, Cloudflare, Datastax, Dell, Docusign, Fastly, FireEye, F-Secure, Github, Guardtime, Intuit, Juniper, LinkedIn, Nielsen, RSA, SAP, Stripe, Symantec, Telefonica, Tenable and VMware.