Some of the world’s biggest tech companies have committed tens of billions of dollars to improving supply chain security, closing industry skills gaps and driving security awareness among the public, according to the White House.
As reported by Infosecurity yesterday, the Biden administration welcomed the CEOs of Microsoft, Apple, Google, IBM and others to a meeting yesterday to discuss the “whole-of-nation” effort needed to address cybersecurity threats.” The result of that encounter has been a series of commitments from these firms, including $10bn from Google over the next five years to expand zero trust and improve supply chain and open source security. The tech giant will apparently also help 100,000 Americans earn “digital skills certificates.”
IBM said it would train 150,000 people in cyber skills over the coming three years and focus on improving the diversity of the security workforce, while Microsoft has committed $20bn over five years to drive security by design, and $150m for federal, local and state governments. Apple will establish a new program to improve supply chain security, including among its 9000 US suppliers, with multi-factor authentication (MFA), vulnerability remediation, event logging and incident response all playing a key role. Amazon is making MFA devices available to all AWS customers and rolling out the security training it offers employees to the general public.
Aside from these commitments, the White House announced the expansion of its Industrial Control Systems Cybersecurity Initiative, from the electricity sector to natural gas pipelines, and said the National Institute of Standards and Technology (NIST) would develop a new framework for supply chain security. In another potentially significant move, insurer Resilience said it would require policyholders to meet a threshold of cybersecurity best practice as a condition of receiving coverage — something experts have been demanding for some time across the industry.
NextGov.com also quotes the president’s remarks about a cybersecurity executive order issued May 12th: “Because of that order, government will only buy tech products that meet certain cybersecurity standards, which will have a ripple effect across the software industry, in our view, ultimately improving security for all Americans,”