Some of the world’s biggest tech companies have committed tens of billions of dollars to improving supply chain security, closing industry skills gaps and driving security awareness among the public, according to the White House.
As reported by Infosecurity yesterday, the Biden administration welcomed the CEOs of Microsoft, Apple, Google, IBM and others to a meeting yesterday to discuss the “whole-of-nation” effort needed to address cybersecurity threats.”
The result of that encounter has been a series of commitments from these firms, including $10bn from Google over the next five years to expand zero trust and improve supply chain and open source security. The tech giant will apparently also help 100,000 Americans earn “digital skills certificates.”
IBM said it would train 150,000 people in cyber skills over the coming three years and focus on improving the diversity of the security workforce, while Microsoft has committed $20bn over five years to drive security by design, and $150m for federal, local and state governments.
Apple will establish a new program to improve supply chain security, including among its 9000 US suppliers, with multi-factor authentication (MFA), vulnerability remediation, event logging and incident response all playing a key role.
Amazon is making MFA devices available to all AWS customers and rolling out the security training it offers employees to the general public.
Aside from these commitments, the White House announced the expansion of its Industrial Control Systems Cybersecurity Initiative, from the electricity sector to natural gas pipelines, and said the National Institute of Standards and Technology (NIST) would develop a new framework for supply chain security.
In another potentially significant move, insurer Resilience said it would require policyholders to meet a threshold of cybersecurity best practice as a condition of receiving coverage — something experts have been demanding for some time across the industry.
“I’m especially excited to see that Resilience is requiring minimum cybersecurity standards as a condition of coverage,” argued Jake Williams, co-founder and CTO at BreachQuest. “Many organizations view cyber-insurance as an alternative to implementing security controls rather than as a complement to those controls.”
There were also pledges from several education providers to help improve security awareness among the public and grow America’s cyber workforce. The White House claimed it currently has a skills shortage of nearly 500,000 professionals.
“We applaud Amazon’s commitment to make security awareness training available at no charge and to deliver multi-factor authentication (MFA) to all Amazon Web Services account holders. Such basic defenses should be in place everywhere,” argued Jack Kudale, founder and CEO of Cowbell Cyber.
“The security crisis is acute within the small and mid-size business segment. Incentives to drive change and adoption of fundamental cyber-hygiene practices including cybersecurity and cyber-insurance will change the balance of power between businesses and cyber-criminals.”