Amazon, Apple, Google, IBM and Microsoft have collectively made a series of commitments to support US president Joe Biden’s “whole-of-nation” effort to address cyber security threats against US citizens, organisations and critical infrastructure operators.
The undertakings were detailed following a meeting between Biden and leaders drawn from across the public and private sectors in the wake of a spate of high-profile cyber attacks on American interests in 2021.
“We’ve seen time and again how the technologies we rely on – from our cell phones to pipelines to the electric grid – can become targets of hackers and criminals,” said Biden in prepared remarks.
“At the same time, our skilled cyber security workforce has not grown fast enough to keep pace… About half a million cyber security jobs remain unfilled.
“That’s a challenge, but it also is a real opportunity. And I’ve made this a priority for my administration from the outset,” said Biden.
Biden has already issued an Executive Order to modernise the US government’s cyber defences and improve collaboration on cyber issues, urged Vladimir Putin to stop turning a blind eye to multiple cyber criminal groups that operate from Russia with impunity, and supported calls to action on cyber security from the G7 group of countries at its recent summit in Cornwall.
Attendees at the White House meeting held on 25 August – who included Andy Jassy, Tim Cook and Satya Nadella – discussed opportunities to bolster US cyber security both in partnership and individually. After the summit, the following commitments were secured:
- Apple said it will set up a programme to drive continuous security improvements within the tech supply chain, working with its suppliers (totalling 9,000 across the US) to drive mass adoption of multi-factor authentication (MFA), cyber training, vulnerability remediation, and security incident and event management (SIEM);
- Amazon said it will make its internal employee security awareness training available to the public at no charge, and will offer all AWS account holders MFA devices to protect themselves from various threats, at no additional cost;
- Google said it will plough $10bn into zero-trust, supply chain security, and open source security initiatives between now and 2026, as well as help more than 100,000 Americans gain access to industry-recognised digital skills certifications;
- IBM said it will train 150,000 people in cyber security skills between now and 2024, and will partner with 20 Historically Black Colleges and Universities (HBCUs) in the US to promote diversity in the security workforce of the future;
- Microsoft said it will invest $20bn over five years to integrate security by design and deliver new, advanced security products and services. It is also making $150m immediately available to help support national, state and local government bodies in the US with security upgrades, and will expand training partnerships with community colleges and non-profits.
Further commitments to support provision of cyber security insurance were secured from insurance firms, while organisations including Code.org and Girls Who Code committed to supporting new security education and diversity initiatives.
For its part, the White House said that the US National Institute of Standards and Technology (NIST) will now be directed to collaborate with industry and other partners on a new framework to shore up the technology supply chain, serving as a guideline to public and private sector bodies on how to build secure tech stacks and assess the security of new technology.
The administration will also formally expand an existing Industrial Control Systems (ICS) security programme to cover natural gas pipeline infrastructure.