More than 30 global technology firms have signed up to a “digital Geneva convention”, committing never to partake in cyber-attacks against individuals or businesses.
The signatories to the “cybersecurity tech accord”, which include Facebook, Microsoft, Arm and Trend Micro, are largely from the US and western Europe, and do not include companies from the countries seen as most responsible for the recent escalation of digital hostilities, such as Russia, North Korea and Iran.
Equally notable by their absence are Google, Apple and Amazon. None gave a reason for not signing up.
The tech accord commits companies to responsible action in four key areas: strengthening defensive capabilities, refusing to provide offensive ones, helping customers and users defend themselves, and working collectively to minimise the potential for damaging cyber-attacks.
The companies have also committed to never launching attacks themselves. The accord states: “The companies will not help governments launch cyber-attacks against innocent citizens and enterprises, and will protect against tampering or exploitation of their products and services through every stage of technology development, design and distribution.”
Kevin Simzer, the chief operating officer of Trend Micro, said: “The real-world consequences of cyber threats have been repeatedly proven. As an industry, we must band together to fight cybercriminals and stop future attacks from causing even more damage.”
Brad Smith, the president of Microsoft, has been the driving force behind the accord. He has argued for months that the tech industry needs “a digital Geneva convention that will commit governments to protecting civilians from nation-state attacks in times of peace”.
He wrote in February: “The tech sector plays a unique role as the internet’s first responders, and we therefore should commit ourselves to collective action that will make the internet a safer place, affirming a role as a neutral Digital Switzerland that assists customers everywhere and retains the world’s trust.”
The creation of the loose grouping comes a day after US and UK authorities issued a joint alert blaming Russia for a major cyber-offensive that targeted millions of routers around the world.
“Russian state-sponsored actors are using compromised routers to conduct spoofing ‘man-in-the-middle’ attacks to support espionage, extract intellectual property, maintain persistent access to victim networks and potentially lay a foundation for future offensive operations,” the two nations said.
US regulators moved the same day to ban companies from selling parts, software or services to the Chinese mobile phone maker ZTE, arguing that the firm had violated sanctions against North Korea and Iran.
Britain backed the ban, and noted that the firm posed a security risk to British digital infrastructure. The National Cyber Security Centre said: “In Britain, NCSC assess that the national security risks arising from the use of ZTE equipment or services within the context of the existing UK telecommunications infrastructure cannot be mitigated.”