LAS VEGAS — The Microsoft- and Facebook-led Cybersecurity Tech Accord will tackle router safety as its first action since its launch in April. As part of that action, the group today endorsed the Mutually Agreed Norms for Routing Security (MANRS).
MANRS is an initiative developed in 2014 by a group of network operators and managed by the Internet Society (ISOC), an open internet nonprofit.
“As a group, we will promote MANRS itself, as well as raise awareness of the challenges of routing security and encourage actions to address those, in addition to prompting the culture of collective responsibility of the internet’s global routing system,” according to a Cybersecurity Tech Accord blog post.
The Cybersecurity Tech Accord and MANRS also established a working group to determine how companies beyond network operators and IXPs can contribute to routing security. The groups plan to announce “concrete steps” to move this effort forward and said they will create a framework for technology companies in the coming months.
Microsoft President Brad Smith announced the Cybersecurity Tech Accord at the industry’s other major cybersecurity event, RSA, four months ago. It’s a pledge by participating companies to protect their customers from attacks by cybercriminals and nation states, and to not help governments launch cyberattacks.
While today’s news about endorsing MANRS wasn’t announced at this week’s made at Black Hat event in Las Vegas, timing the announcement to coincide with the annual security conference probably wasn’t a fluke.
Collaboration at Black Hat
In an interview at Black Hat with SDxCentral, Johnnie Konstantas, senior director of Microsoft’s Enterprise Cybersecurity group, said the Cybersecurity Tech Accord and other collaborative efforts show that Microsoft is committed to working with tech companies — as well as public-sector groups and law enforcement — to advance security for customers and the general public.
When asked about the accord, she said “the commitment from technology leaders speaks volumes about a desire to make this accord larger and encourage participation.”
Addtionally, Microsoft teams worked with the FBI, Interpol, and other law enforcement globally to take down Gamarue, a widely distributed malware used in networks of infected computers collectively called the Andromeda botnet, Konstantas said.
The company has also been working with Intel and AMD on its new chipsets. Microsoft and Google threat researchers in May disclosed a new variant of the Meltdown and Spectre bugs affecting Intel, AMD, and ARM CPUs.
“Microsoft is working with Intel and AMD to make it harder to introduce unwanted elements at the hardware layer: prior to system boot, during system boot, and runtime,” Konstantas said. “This combination of our software development with specialized versions of the chipsets results in us being able to do very good device security, and this is just the beginning. I think you’re going to see more of this type of collaboration between all chipset manufacturers, all the major OS vendors, and the major cloud vendors are very invested in seeing this next generation of microprocessors that have more robust performance and security.”
Last April, the company rolled out the Microsoft Intelligent Security Association, a group of 19 security technology providers that integrated their products with some Microsoft products to improve threat protection, detection, and response. And in June it added five new companies.
All of this underscores the need for partnerships, Konstantas said.
“We’re very much about holding hands with the ecosystem,” she added. “We understand we can’t make everything that is required for defense-in-depth security. As a community we can do more.”