As RSA Conference Convenes, Tech Companies Promise to Take Security Reins

As 50,000 members of the cyber security community descended upon San Francisco for the annual RSA Conference to discuss solutions to the security questions facing us, 34 technology companies revealed that they plan to start doing something.

In signing the so-called Cybersecurity Tech Accord, Cisco, Facebook, Microsoft and 31 other companies have pledged to “defend all customers everywhere from malicious attacks by cybercriminal enterprises and nation-states.”

The accord is, at least in part, a reaction to the ongoing reports of cyber-meddling in the 2016 Presidential election, and the continuing FBI investigation into that meddling. It also comes on the heels of the Cambridge Analytica fiasco that has had Facebook CEO Mark Zuckerberg testifying before Congress and the company in damage control mode. A further boost in the Accord’s profile was provided Monday, when American and British leaders issued an unprecedented joint warning about Russian cyberattacks against government, private organizations and even individuals.

The Accord group, which was to meet for the first time at RSA Conference to discuss building capacity and take collective action, was also notable in part for the names that were not involved. Apple, Amazon, Google and Twitter did not sign the initial accord, although the group’s announcement established that the Accord “remains open to consideration of new private sector signatories, large or small and regardless of sector.”

Only two foreign companies were on the list, and both are large telecommunications firms: Finland’s Nokia and Spain’s Telefonica.

The accord was spurred in part by Microsoft President Brad Smith, who has repeatedly called for development of a “digital Geneva Convention” agreement that would establish behavioral norms in the digital world, much the way the Geneva Convention did for conventional warfare.

“The devastating attacks from the past year demonstrate that cybersecurity is not just about what any single company can do but also about what we can all do together,” Smith said in the Accord announcement.

Smith mentioned the accomplishment of bringing the Accord to fruition during his keynote address at RSA Conference, echoing a blog post he authored this week.

“The success of this alliance is not just about signing a pledge, it’s about execution,” Smith wrote. “That’s why today is just an initial step and tomorrow we start the important work of growing our alliance and take effective action together.”

Meanwhile, during RSAC’s annual keynote panel of cryptographers, one of the panelists indirectly (and possibly unintentionally?) commented on the Accord when the Facebook scandal came up, questioning whether companies vowing to take more control of security should provide much peace of mind.

“We can’t count on the companies that are profiting from our data to protect it,” said Paul Kocher, the founder of Cryptography Research who is now an independent security researcher and advisor, in an apparent admonishment of Facebook.

Whether the Accord ultimately proves to be a springboard to tech products being built with stronger security and privacy features remains to be seen, but for now, the fact that the tech world is looking to establish security and privacy as larger priorities can only be a positive development.