Some of the biggest names in the IT industry have released a new set of principles which they hope will help to disrupt the menace of “cyber-mercenaries.”
Industry group the Cybersecurity Tech Accord uses the term to refer to a growing number of companies dedicated to developing and selling offensive cyber capabilities, mainly to government customers.
Citing reports that claim the market for these services has grown to at least $12bn over recent years, the group argued that these firms are undermining democratic values and making the digital world less secure.
That’s because they often sell their services to autocratic governments who use them to spy on journalists, human rights activists, political dissidents and others, and because they actively research new zero-day vulnerabilities which are kept secret from the affected vendors.
Meta claimed in 2021 that cyber-mercenary firms had enabled the targeting of as many as 50,000 people across its platforms. It highlighted several offenders, including Cobwebs Technologies, Cognyte, Black Cube and Cytrox.
“It’s more than a little concerning to see the unabating rise of companies providing digital weapons for hire,” argued Microsoft CVP for customer security and trust, Tom Burt.
“There is no reason that this kind of business model should be tolerated, given all the risks it poses.”
The Cybersecurity Tech Accord’s five principles are:
- Take steps to counter cyber-mercenary use of products and services to harm people
- Identify ways to actively counter the cyber-mercenary market
- Invest in cybersecurity awareness among the general public
- Protect users by maintaining the integrity and security of products and services
- Develop processes for handling valid legal requests for information
These efforts got a boost this week when a new presidential executive order effectively banned the use of commercial spyware by the US government if it has previously been misused by autocracies and/or poses a counter-intelligence or security risk to the US.
Among the signatories to the new principles are Microsoft, Google, Trend Micro and Cisco.