Cybersecurity Tech Accord: High tech declaring war on hackers
They say, "The enemy of my enemy is my friend." And, these days, every major software company on the planet has at least one common foe: state-sponsored cyberwarfare.
Recently, more than 40 tech companies banded together in an unprecedented alliance called the Cybersecurity Tech Accord to declare they would not help any government launch cyberattacks against any "innocent civilians and enterprises from anywhere." The alliance includes many industry allies as well as competitors. They all managed to agree to a set of principles that bolster cybersecurity for customers and enable companies to cooperate in efforts to tackle the rising number of malicious cyberattacks globally.
Does this "Digital Geneva Convention" signify that, after years of exponential increases in such attacks, tech companies are finally ready to set aside their competitive differences and collaborate to close security holes affecting all of them and finally tackle this problem? Analysts say the answer is yes—because they have little choice.
“Global business is finding out that it needs to have cybersecurity norms that cross cultures or political regions,” says John Pescatore, a director at SANS Institute and former lead security analyst at Gartner. “The software/IT industry is seeing that agreements on cybersecurity standards, or shared beliefs, are critical to global business success.”
Others agree. "This is an admission by the security industry that no one has a monopoly and no vendor can do it all,” says Jon Oltsik, senior principal analyst at Enterprise Strategy Group. "Vendors are getting more pushback from customers that they need to be more cooperative with other vendors, since organizations can’t possibly manage dozens of security tools effectively on their own.”
The Cybersecurity Tech Accord was reached after particularly troubling cyberattacks made clear that cybersecurity is an increasing problem for political systems, critical infrastructure, and businesses around the world.
Need examples? We have way too many
According to Symantec’s 2018 Internet Security Threat Report, overall threat activity was up about 10 percent last year, driven primarily by organized groups—mostly nation states—looking to gather intelligence, disrupt political systems and economies, sabotage infrastructure, and steal money.
We all know about the more high-profile incidents, such as Russia’s apparent meddling in the 2016 U.S. presidential elections and last year’s WannaCry ransomware virus, which is thought to have been at least partly the work of North Korea. But such events are becoming an almost everyday occurrence.
Just prior to the announcement of the Cybersecurity Tech Accord, Dan Coats, director of national intelligence, said the United States is "under attack" by "entities using cyber to penetrate virtually every major action that takes place in the U.S." Around the same time, the U.S. Department of Homeland Security, the FBI, and the United Kingdom’s National Cyber Security Centre released a joint technical alert warning about malicious cyberactivity by the Russian government targeting government and private-sector organizations, critical infrastructure providers, and Internet service providers.
In fact, already this year, we’ve been told the following:
- Chinese state-sponsored hacking groups targeted Japanese defense companies in an attempt to gain information about Tokyo’s policies toward North Korea.
- North Korean hacking groups expanded their range of targets to attack industries in Japan, Vietnam, and the Middle East.
- Russia deliberately targeted Western critical infrastructure by compromising home and business routers.
- The Canadian government's computer networks are reportedly hit by state-sponsored cyberattacks about 50 times a week—and at least one of them usually succeeds.
- Russia was apparently behind a December 2017 attack on Germany’s domestic intelligence services.
- The North Korean hacking group responsible for the SWIFT attacks apparently targeted a Central American online casino in an attempt to siphon funds.
- The Iranian government stole intellectual property from more than 300 universities as well as government agencies and financial services companies.
- Chinese hackers used malware to attack service providers for the U.K. government in an attempt to gain access to contractors at various U.K. government departments and military organizations.
- Norwegian officials discovered an attempt to steal patient data from a hospital system in an attack they speculated was connected to an upcoming NATO military exercise.
What many of these attacks have in common is that they exploit known vulnerabilities in existing software and firmware, a fact analysts such as Pescatore have decried for many years.
“What we need is a declaration of war against easily avoided vulnerabilities,” says Pescatore. “Over 90 percent of incidents are enabled by a known vulnerability that could have been avoided or mitigated.”
More recently, though, malicious hackers are also piercing networks by exploiting vulnerabilities in processors, as with the Meltdown and Spectre flaws. Similarly, they are taking advantage of the fact that more data is shifting away from network servers, some of which now have built-in fortifications, to less-protected edge devices, such as laptops, smartphones, network printers, and IoT devices.
Bob Moore, director of product security at Hewlett Packard Enterprise, says malicious hackers continue to get smarter and more organized with covert groups continually sharing intelligence. The Cybersecurity Tech Accord seeks to offset that trend by bringing together some of the best and brightest minds to defend mutual customers around the world.
“I think this will lead to some stronger defense against cyberattacks,” says Moore. “We’re all recognizing the huge trends that are out there and this perfect storm of nation-state-sponsored intelligence gathering, financially motivated exploits, and disruptive attacks coming together to hurt everyone. This has to stop, and we see these accords as a good starting point for making that happen.”
Moore acknowledges that many industry alliances often crumble after the fanfare of a public kumbaya subsides, but he says he believes this one can achieve success with mutual commitment and strong collaboration.
"This collection of companies realizes the sense of urgency we have around cybersecurity and the need to protect critical infrastructure," Moore says. "This is a group that I believe can work together toward common goals and common designs. Analysts say cybercrime will be an $8 trillion problem by 2022, so we all know we’re going to be in this for the foreseeable future and must take our charter very seriously."
This article/content was written by the individual writer identified and does not necessarily reflect the view of Hewlett Packard Enterprise Company.