SAN FRANCISCO (Reuters) - Microsoft, Facebook and more than 30 other global technology companies on Tuesday announced a joint pledge not to assist any government in offensive cyber attacks.
The Cybersecurity Tech Accord, which vows to protect all customers from attacks regardless of geopolitical or criminal motive, follows a year that witnessed an unprecedented level of destructive cyber attacks, including the global WannaCry worm and the devastating NotPetya attack.
“We recognize that we live in a new world,” Microsoft President Brad Smith said during a speech on Tuesday at the RSA cyber security conference in San Francisco. “We’re living amidst a generation of new weapons, and where cyberspace has become the new battlefield.”
Smith, who led efforts to organize the alliance, said the devastating cyber attacks in 2017 demonstrated the need for the technology sector to “take a principled path toward more effective steps to work together and defend customers around the world.”
It was not clear whether any companies would change their existing policies as a result of joining the accord.
Microsoft did not immediately respond to a series of questions about the accord, including whether the company had previously participated in government-sponsored offensive cyber operations or how the pledge would impact compliance with lawfully obtained surveillance orders in the United States or elsewhere.
The accord also promised to establish new formal and informal partnerships within the industry and with security researchers to share threats and coordinate vulnerability disclosures.
It builds on an idea for a so-called Digital Geneva Convention that Smith rolled out at least year’s RSA conference, a proposal to create an international body to protect civilians from state-sponsored hacking.
Countries, Smith said then, should develop global rules for cyber attacks similar to those established for armed conflict at the 1949 Geneva Convention that followed World War Two.
In addition to Microsoft and Facebook, 32 other companies signed the pledge, including Cisco, Juniper Networks, Oracle, Nokia, SAP, Dell and cyber security firms Symantec, FireEye and Trend Micro.
The list of companies does not include any from Russia, China, Iran or North Korea, widely viewed as the most active in launching destructive cyber attacks against their foes.
Major U.S. technology companies Amazon, Apple, Alphabet and Twitter also did not sign the pledge.
Reporting by Dustin Volz; Editing by Dan Grebler