The ‘big tech’ companies have pledged to increase their spending on cybersecurity after meeting US President Joe Biden. The big tech players include Microsoft, IBM, AWS, Google and Apple. CEOs from the ‘big tech’ companies as well as other major sectors met at a cybersecurity summit at the White House yesterday.
President Biden has called for more work to be done on cybersecurity, especially with increasing cyberattacks targeting critical infrastructure and disrupting the supply chains of various industries recently. Some of the major cyber attacks in recent months included the SolarWinds hack, Colonial Pipeline hack and JBS meat supplier hack.
Among the technology firm CEOs present included Alphabet and Google CEO Sundar Pichai, Microsoft CEO Satya Nadella, Apple CEO Tim Cook, IBM CEO Arvind Krishna, and new Amazon CEO Andy Jassy. The meeting was also attended by the chief executives from the education, insurance, financial services, as well as the energy and water sectors.
According to a statement from the White House, “recent high-profile cybersecurity incidents demonstrate that both US public and private sector entities increasingly face sophisticated malicious cyber activity. Cybersecurity threats and incidents affect businesses of all sizes, small towns and cities in every corner of the country, and the pocketbooks of middle-class families. Compounding the change, nearly half a million public and private cybersecurity jobs remain unfilled.”
Following the meeting, the Biden administration announced that the National Institute of Standards and Technology (NIST) will collaborate with industry and other partners to develop a new framework to improve the security and integrity of the technology supply chain. The approach will serve as a guideline to public and private entities on how to build secure technology and assess the security of technology, including open-source software. Microsoft, Google, IBM, Travelers, and Coalition committed to participating in this NIST-led initiative.
Increasing investment and skills in cybersecurity
In terms of investment over the next five years, Google will invest US$ 10 billion to expand zero-trust programs, help secure the software supply chain and enhance open-source security while Microsoft will invest US$20 billion to accelerate efforts to integrate cybersecurity by design and deliver advanced security solutions.
Microsoft also aims to help in technical services by making US$150 million available for federal, state and local governments especially with the purpose of upgrading security protection. They will also expand partnerships with community colleges and non-profits for cybersecurity training.
With the shortage of skilled tech employees a major concern globally, Google and IBM will also train people in cybersecurity skills. IBM plans to train 150,000 over the next three years while Google will help 100,000 Americans earn industry-recognized digital skills certificates that provide the knowledge that can lead to securing high-paying, high-growth jobs.
Meanwhile, AWS will make its security awareness training available to the public for free as well as offer customers devices equipped with multi-factor authentication to protect against phishing and password theft, without any additional cost.
As for Apple, they plan to establish a new program to drive continuous security improvements throughout the technology supply chain. With over 9,000 suppliers in the US, Apple will work with them to drive the mass adoption of multi-factor authentication, security training, vulnerability remediation, event logging, and incident response.
“Cybersecurity is a national security and economic security imperative for the Biden Administration and we are prioritizing and elevating cybersecurity like never before,” said the White House.
Earlier this month, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency under the initiative called the Joint Cyber Defense Collaborative (JCDC), revealed they would be working with technology providers, cybersecurity firms, and telecommunications providers to create and execute new cyber defense operations plans, with an initial focus on combating ransomware and cyberattacks on cloud-computing providers including cloud market-leading AWS, Microsoft and Google Cloud.
Internationally, the Biden Administration has rallied G7 countries to hold accountable nations who harbor ransomware criminals and to update NATO cyber policy for the first time in seven years. During the Biden-Putin Summit earlier this year, President Biden gave Russian President Vladimir Putin a list of 16 types of critical infrastructures that should be “off-limits” from cyberattacks, such as the energy and water sectors. Biden also pressed Putin to stop harboring Russian cybercriminals and hold them accountable for attacks overseas.
While governments around the world continue to work towards reducing cybercrime, big tech companies need to continue playing an important role in providing additional security muscle, especially for software and services that they run, ensuring that more are protected. Attacks in the supply chain may not only damage organizations but can eventually affect the big tech players themselves.
At the end of the day, be it in the US or globally, if the big tech players do not cooperate and share information on how to deal with cybercriminals, it will only provide the criminal element time to pull away in technological prowess, making it even more challenging before the problem is solved.
20 January 2022
20 January 2022