Following a cybersecurity meeting at the White House on Wednesday, President Biden secured promises from major tech companies to spend significant sums improving the nation's cyber resiliency. Microsoft and Google, for instance, each committed billions to specific cybersecurity investments.
The meeting comes in the wake of a series of dramatic cybersecurity incidents, including the Colonial Pipeline ransomware attack that shut down gas and oil deliveries throughout the southeast, the SolarWinds software supply chain attack and an extensive hack on Microsoft Exchange servers.
In a statement, the White House said a "whole-of-nation effort" is needed to address cybersecurity threats. To that end:
- Microsoft announced it would invest $20 billion over the next five years to advance "cyber security by design" and deliver advanced security solutions. The company also announced it would immediately make available $150 million in technical services to help federal, state and local governments upgrade their security.
- Google committed $10 billion over the next five years to expand zero-trust programs, help secure the software supply chain and enhance open-source security. The company also said it would help 100 000 Americans earn industry-recognized digital skills certificates.
- Apple will establish a new program to make the technology supply chain more secure. As part of that effort, it plans to work with its suppliers to drive the mass adoption of multi-factor authentication, security training, vulnerability remediation, event logging and incident response.
- IBM said it would train 150 000 people in cybersecurity skills over the next three years. It will partner with more than 20 Historically Black Colleges & Universities to establish Cybersecurity Leadership Centers.
- Amazon announced it would offer Amazon Web Services account holders a free multi-factor authentication device. It also plans to make its security awareness training, which it currently offers to employees, free to the public.
The White House also received commitments from cyber insurance providers and educational organizations to improve the nation's security posture.
In early May, President Biden issued a cybersecurity executive order requiring federal agencies to modernize their cyber defenses.
The Biden Administration earlier this year also launched a 100-day initiative to improve cybersecurity across the electric sector. On Wednesday, the administration announced the initiative has improved the cybersecurity posture of more than 150 electric utilities and would now expand to natural gas pipelines.
Additionally, the White House Wednesday said the National Institute of Standards and Technology (NIST) would develop a new framework to improve the security and integrity of the technology supply chain. To do so, it will work with partners including Microsoft, Google and IBM.