Microsoft-led industry group pledges to not assist government cyberattacks

A cohort of major technology companies led by Microsoft committed Tuesday to a core set of principles for behavior in cyberspace, including not helping any government mount a cyberattack against “innocent civilians and enterprises.” For the last several weeks, Microsoft has been seeking support from companies in order to define a common standard of behavior, or norms, for the broader software making community. The announcement was spearheaded by Brad Smith, president and chief legal officer of Microsoft. Smith spoke Tuesday morning at the RSA cybersecurity conference in San Francisco to an audience mostly comprised of cybersecurity industry insiders and marketers. These norms spelled out in the agreement cover more than government relations. They contain the concept of “collective action” between technology companies to eliminate some of the more expansive cybersecurity threats facing the global economy. Dubbed the “Cybersecurity Tech Accord,” the agreement showcases the signatures of more than 30 chief executives from some of […]

The post Microsoft-led industry group pledges to not assist government cyberattacks appeared first on Cyberscoop.

Continue reading Microsoft-led industry group pledges to not assist government cyberattacks

Hoping to fill a global void, private companies push for ‘cyber norms’

Technology companies are increasingly joining together to develop and promote the adoption of international “norms” and other rules for cyberspace, hoping to fill a void left by governments and international institutions that have failed to act. The latest example of the dynamic came last week when a prominent group of corporations, including Siemens, Airbus and microchip maker DXP, announced a new nine-member cybersecurity charter. The document — essentially a nonbinding agreement to work to improve global cybersecurity — is currently open for other companies to join, one member said. “Cybersecurity is and has to be more than a seatbelt or an airbag here; it’s a factor that’s crucial to the success of the digital economy,” reads a statement on the charter’s website. “People and organizations need to trust that their digital technologies are safe and secure; otherwise they won’t embrace the digital transformation. That’s why we are signing together a Charter of Trust […]

The post Hoping to fill a global void, private companies push for ‘cyber norms’ appeared first on Cyberscoop.

Continue reading Hoping to fill a global void, private companies push for ‘cyber norms’

Why a global cybersecurity Geneva convention is not going to happen

Microsoft President and Chief Legal Officer Brad Smith has been pounding the pavement all year asking for a “global cyber Geneva Convention” in the face of threats facing his employer’s software and the greater internet at large. It’s a pipe dream and I’ll tell you why. Any global effort works best when there are clear answers. For instance, there is a clean line between “nuclear war” and “not nuclear war.” The cyber domain is different. While there is some consensus within Microsoft that’s driven by business concerns and hyped as social concerns, there isn’t the same consensus within or between global governments. We don’t even know the trade-offs that would be implied by the things Microsoft is asking for: a barrier on the trade of “cyberweapons” resulted in massive outcry when it was codified in the Wassenaar Arms Control Arrangement last year, some of which came from the very same […]

The post Why a global cybersecurity Geneva convention is not going to happen appeared first on Cyberscoop.

Continue reading Why a global cybersecurity Geneva convention is not going to happen

Former NSA hackers: Yahoo indictments won’t slow down Russian cyberattacks

Newly unveiled indictments against a group of hackers working for Russian intelligence will do little to deter future cyberattacks against the U.S., former NSA analysts and government lawyers tell CyberScoop. Under the Obama administration, the Justice Department’s National Security Division pioneered a cybersecurity strategy of deterrence through indictments and criminal prosecutions. Over the last several years, in the aftermath of multiple high-profile data breaches, however, this approach of “naming and shaming” has garnered significant criticism for its lack of clear, deliverable results, experts say. “The [Yahoo] indictment calls into question whether past ‘name and shame’ indictments of international cybercriminals have had any deterrent effect,” said Edward McAndrew, a former federal cybercrime prosecutor in the U.S. Attorney’s Offices for the Eastern District of Virginia and for the District of Delaware, via email. “Indictments of this type only have deterrent effect if the defendants end up in a US prison — and for longer […]

The post Former NSA hackers: Yahoo indictments won’t slow down Russian cyberattacks appeared first on Cyberscoop.

Continue reading Former NSA hackers: Yahoo indictments won’t slow down Russian cyberattacks