Three years ago, the Cybersecurity Tech Accord was launched, bringing together the technology industry to identify ways to better respond to escalating threats online. Much has happened in the time since. 2021 is quite different from 2018, and cyber risk has continued to grow as a concern. Increasingly sophisticated attacks and wide capability disparities in regions around the world have combined to present a daunting challenge that requires new forms of collaboration and leadership. This week, the Cybersecurity Tech Accord is celebrating its third anniversary with the release of its annual report, capturing our efforts thus far to build and engage with new partnerships and institutions to meet this challenge and protect our users and customers everywhere.
The threat environment online, like everything else in cyberspace, is constantly evolving. However, this is not simply a consequence of the rapid pace of technological change, it is also the result of states increasingly treating cyberspace as a domain of conflict. Geopolitical tensions in the physical world are often reflected in the virtual one – undermining stability. While issues of peace and security rightly remain the responsibility of governments, as the owners and operators of much of the infrastructure that makes up cyberspace, the technology industry must play a leading role in helping to secure the digital domain. This includes not only improving cybersecurity, but also working to identify areas that should not be exploited under any circumstances, given their impact on cyberspace as a whole.
Unfortunately, the industry has historically had limited participation in forums beyond the technical realm, in spaces where expectations for responsible behavior are to be established and reinforced. The Cybersecurity Tech Accord was founded to address this issue and provide a unified voice for the technology industry on matters of peace and security online.
Over the last three years, we have worked to grow our coalition, establish partnerships across stakeholder groups, and drive dialogue and progress in international forums on peace and stability online – including in many spaces that previously had little or no industry engagement. For example, this past year, we were vocal participants in cybersecurity discussions at the United Nations and across regional bodies, created new resources to help individuals and organizations improve their cybersecurity and be safe online, and led by example by ensuring our signatories implement what we preach. In sum, we focused on creating new models of partnership for cybersecurity, grounded in multistakeholder collaboration, but also on ensuring that the technology industry takes its responsibilities seriously.
We will recognize these efforts and our third anniversary at an event this Thursday, May 6, that will bring together not just our signatories, but the individuals and groups that share our passions, objectives, and goals in a discussion of escalating conflict online. We will explore the findings of a survey on nation state threats that we commissioned earlier this year, and will be joined in discussion by a representative from the French Ministry for Europe and Foreign Affairs, and the Senior Advisor to the US Cyberspace Solarium Commission, to help identify additional ways forward.
This past year has shown that we need security and stability in cyberspace as a global community, because we all depend on the online world. The Cybersecurity Tech Accord has laid the foundations for the technology industry to join in transformational cooperation across stakeholder groups to help turn the tide on escalating threats online. But we need to do more, together. We are excited about the road ahead and hope more companies will join us on this journey.
Strong foundations for innovative solutions – Incident Response Working Group
The Cybersecurity Tech Accord has built unprecedented relationships between companies from across the industry and around the world in recent years to help address the most significant threats. We look forward to exploring how these relationships can support a coalition to showcase international best practices and even help coordinate responses to major cyber incidents. A “Security Industry Incident Response Working Group” could come together and create unified approaches and support information sharing channels as a defense for global entities during large scale security events.
Ann Johnson, Corporate Vice President SCI Business Development, Microsoft
Each of the Cybersecurity Tech Accord’s initiatives are grounded in our four founding principles – Strong Defense, No Offense, Capacity Building, and Collective Action. Below are just a few examples from the past year under each principle, and we encourage you to read our full annual report to learn more.
Strong Defense
- Over 100 signatories have adopted and published a vulnerability disclosure policy, which are available for review on our website.
- Published a whitepaper on the difference between active cyber defence and “hacking back” by private organizations.
“The commitment to vulnerability disclosure has been exciting to see implemented. We have focused on vulnerability disclosure since the group’s inception in 2018, and we understand how difficult is to move the needle. Now, not only are all the Cybersecurity Tech Accord signatories adopting these policies, we are also showing the rest of the industry the many different approaches to vulnerability disclosure that work together to keep everyone safer.”
Annalaura Gallo, Head of Secretariat, Cybersecurity Tech Accord
No Offense
- Published a report on corporate perceptions of nation state threats, together with the Economist Intelligence Unit.
- Provided written contributions and joined live discussions to give input to the UN Open Ended Working Group on information security ahead of their final report.
“It is past time that the technology industry speaks with one voice to say that escalating conflict in cyberspace is not an acceptable trend. Any investment in tools that undermine Information and Communication Technology (ICT) security put people everywhere, including their own people, at greater risk.”
Jon Clay, VP – Threat Intelligence, Trend Micro, Cybersecurity Tech Accord Signatory
Capacity Building
- Compendium on cyber hygiene for organizations and individuals.
- Consumer IoT security campaign – Stay Smart. Stay Safely Connected.
“Connected or ‘smart’ products – watches, TVs, doorbells – they’re the new normal, but we need to make sure they do not become a new attack surface. Manufacturers have a responsibility to make sure that devices are made with security in mind, and consumers need to be empowered to use them safely.”
Avast, Cybersecurity Tech Accord Signatory
Collective Action
- Growing our coalition to now include 150 company signatories from across 5 continents.
- Public calls on policymakers to restore access to WHOIS data to improve ecosystem security and brand integrity.
“We have to work together because in a networked world we are all connected. Cybersecurity is not a zero-sum game. When one individual, organization or country is more secure, the rest of us are as well.”
Andrew Ankunda, CEO, Logrythm Africa, Cybersecurity Tech Accord Signatory