The main goal of the CTA is to severely undercut cyberattacks. It relies on four main pillars to do so: strong defense, no offense, capacity building, and collective action.
‘Strong defense’ simply means better defense practices. ‘No offense’ is a promise to not assist any government or agency to “launch cyberattacks against innocent citizens and enterprises,” and “protect against tampering or exploitation of their products and services through every stage of technology development, design and distribution.”
Capacity building will bring better tooling for all. The companies that have signed the CTA are vowing to build and distribute better tools for their third-party developers. If you’re using Azure, for example, there may be some interesting new methods for securing data beyond Microsoft’s already-reliable methods.
Finally, Cybersecurity Tech Accord members promise to work together. “The companies will build on existing relationships and together establish new formal and informal partnerships with industry, civil society and security researchers to improve technical collaboration, coordinate vulnerability disclosures, share threats and minimize the potential for malicious code to be introduced into cyberspace,” reads the core document.
The CTA has some notable members (Microsoft, GitHub, ARM, Facebook), but lacks a few key players as well. Neither Google nor Apple has signed on, nor has Amazon. The New York Times says the driver of this project is Microsoft’s Brad Smith, who thinks tech needs a “digital Geneva Convention.”
It’s a strong statement. Likening the Cybersecurity Tech Accord to a global policy for conduct in times of war sends a strong signal as to the urgency Smith and those who’ve signed onto the CTA likely feel about cybersecurity. It also underscores how glaring it is when major companies aren’t members.
Data security and user privacy are hot-button topics now, and are poised to become the new battleground for tech. Facebook is just now beyond the worst of its data-leakage issues, and the problems at Equifax show how negative user sentiment can linger for years.