ADVERTISEMENT
ADVERTISEMENT

Tech firms to pledge not to assist governments in cyberattacks

More than 30 high-tech companies, led by Microsoft and Facebook, plan to announce a set of principles on Tuesday that include a declaration that they will not help any government —

Although the list of firms agreeing to the accord is lengthy, several companies have declined to sign on at least for now, including Google, Apple and Amazon.

Perhaps as important, none of the signers come from the countries viewed as most responsible for what Brad Smith, Microsoft’s president, called in an interview “the devastating attacks of the past year.” Those came chiefly from Russia, North Korea, Iran and, to a lesser degree, China.

On Monday, U.S. and British officials issued a first-of-its-kind joint warning about years of cyberattacks emanating from Russia, aimed not only at businesses and utilities but, in some cases, individuals and small enterprises. The warning was only the latest in a series about Russian threats to elections and electoral systems.

ADVERTISEMENT

The impetus for the effort came largely from Smith, who has been arguing for several years that the world needs a “digital Geneva Convention” that sets norms of behavior for cyberspace just as the Geneva Conventions set rules for the conduct of war in the physical world. Although there was some progress in setting basic norms of behavior in cyberspace through a United Nations-organized group of experts several years ago, the movement has since faltered.

Smith said over the weekend that the first move needed to come from the American companies that often find themselves acting as the “first responders” when cyberattacks hit their customers.

“This has become a much bigger problem, and I think what we have learned in the past few years is that we need to work together in much bigger ways,” Smith said in an interview. “We need to approach this in a principled way, and if we expect to get governments to do that, we have to start with some principles ourselves.”

Microsoft played a central role in trying to extinguish the WannaCry attack last year that struck the British health care system and companies around the world. The Trump administration, along with several other Western governments, later blamed that attack on North Korea. Last summer the NotPetya attack struck Ukraine, crippling systems throughout the country. Iran is suspected in a recent attack on a Saudi petrochemical plant.

Yet not all governments are likely to embrace the “Cybersecurity Tech Accord” in part because the principles it espouses can run headlong into their own, usually secret efforts to develop cyberweapons.

ADVERTISEMENT

When Russia’s intelligence agencies obtained some of the National Security Agency’s secrets about its own cyberweapons, it appeared to do so by manipulating a virus protection program sold by Kaspersky, a Russian firm. The company said it knew nothing about the intrusion into its products, but U.S. officials do not believe the denials and have banned Kaspersky products from U.S. government systems. Kaspersky is not a signer to the new accord.

Edward J. Snowden, the former NSA contractor who leaked documents about surveillance programs, revealed pictures suggesting that U.S. officials intercepted some hardware that came out of Cisco Systems, a major manufacturer of the routers and switches that make up the spine of the internet, apparently so the equipment directed traffic back to U.S. intelligence agencies. There is no evidence that Cisco cooperated, but the publication of the photos led some foreign customers to believe that American equipment had been broadly compromised by the NSA.

For that reason, the new technology accord vows that the 31 signers “will protect against tampering with and exploitation of technology products and services during their development, design, distribution and use.” Among the companies that signed are Oracle, Symantec, FireEye and HP, along with the Finnish company Nokia and the Spanish company Telefónica.

Microsoft officials said they briefed the Trump administration on the new accord and heard no objections. But that may not mean much: Trump’s homeland security adviser, Thomas P. Bossert, who oversaw cybersecurity policy, was dismissed last week after John R. Bolton took over as national security adviser.

The cybersecurity coordinator at the White House, Rob Joyce, is widely rumored to be considering leaving his post and returning to the NSA, where he ran the most elite of the cyberforces that attack foreign networks. If Joyce departs, the White House will have lost its two most senior, and most knowledgeable, cybersecurity policymakers in the span of a few weeks.

ADVERTISEMENT

This article originally appeared in The New York Times.

DAVID E. SANGER © 2018 The New York Times

JOIN OUR PULSE COMMUNITY!

Unblock notifications in browser settings.
ADVERTISEMENT

Eyewitness? Submit your stories now via social or:

Email: eyewitness@pulse.ng

Recommended articles

Here's everything to know about being a virgin on your wedding night

Here's everything to know about being a virgin on your wedding night

7 do's and don’ts of the Holy month of Ramadan

7 do's and don’ts of the Holy month of Ramadan

Top 5 sweetest celebrity mother-child relationships that stand out for us

Top 5 sweetest celebrity mother-child relationships that stand out for us

International Women's Day: 5 Nigerian female celebrities championing women’s rights

International Women's Day: 5 Nigerian female celebrities championing women’s rights

Top 5 female directors in Nollywood

Top 5 female directors in Nollywood

6 things that will break a Muslim's fast during Ramadan

6 things that will break a Muslim's fast during Ramadan

5 benefits of fasting during Ramadan

5 benefits of fasting during Ramadan

5 reasons Easter was more fun when we were children

5 reasons Easter was more fun when we were children

Dos and don’ts of supporting Muslims during Ramadan

Dos and don’ts of supporting Muslims during Ramadan

ADVERTISEMENT
ADVERTISEMENT