6 Big Cybersecurity Bets From America’s Top Tech Companies
Following a meeting Wednesday with President Joe Biden about the cybersecurity threats America faces, here’s what Amazon, Apple, Google, IBM and Microsoft committed to do to strengthen the nation’s security posture.
An Unprecedented Onslaught
Cybersecurity has been in the headlines more than ever in recent months thanks to the Russian foreign intelligence service attack against the SolarWinds Orion network monitoring platform, the Chinese compromise of Microsoft Exchange on-premises servers, and high-profile ransomware attacks against natural gas supplier Colonial Pipeline, meatpacking giant JBS Foods, technology supplier Kaseya and IT consulting giant Accenture.
These attacks prompted President Joe Biden Wednesday to hold a meeting with top executives from tech, finance, insurance, education, and critical infrastructure, including: ADP President and CEO Carlos Rodriguez; Amazon CEO Andy Jassy; Apple CEO Tim Cook; Sundar Pichai, CEO of Google parent Alphabet; IBM Chair and CEO Arvind Krishna; and Microsoft Chair and CEO Satya Nadella.
At the meeting, Biden provided an update on last month’s National Security Memorandum that outlined the administration’s expectations for owners and operators of critical infrastructure. To date, Biden said the initiative has already improved the cybersecurity of more than 150 electric utilities that serve 90 million Americans. And on Wednesday, the initiative was expanded to address natural gas pipelines.
Coming out of the meeting late Wednesday afternoon, several participants announced cybersecurity commitments and initiatives. From training and technology to supply chain initiatives and open-source security, here’s what Amazon, Apple, Google, IBM and Microsoft committed to do to strengthen America’s security posture.
6. Apple To Drive Security Best Practices From Suppliers
Apple announced Wednesday it’ll establish a new program to drive continuous security improvements throughout the technology supply chain. The Cupertino, Calif.-based device maker plans to work with its suppliers – including more than 9,000 in the United States – to drive the mass adoption of multi-factor authentication, security training, vulnerability remediation, event logging, and incident response.
5. Amazon To Roll Out Free MFA, Security Training
Amazon said Wednesday that it will, in October, make available at no charge to organizations and individuals the cybersecurity training materials it has developed to keep employees and sensitive information safe from cyberattack. Businesses and other organizations can build their own solutions on top of the Amazon Security Awareness training courses, which include both videos and online assessments.
The Seattle-based e-commerce and cloud computing giant said it’ll also make available to all Amazon Web Services account holders at no additional cost a multi-factor authentication device to protect against cybersecurity threats. Users with access to the AWS Management Console will be able to authenticate themselves by touching the MFA security token plugged into their computer’s USB port.
Amazon said the free MFA token adds a layer of security to protect customers’ AWS accounts against phishing, session hijacking, man-in-the-middle, and malware attacks. Customers can also use their MFA devices to safely access multiple AWS accounts as well as other token-enabled applications such as GitHub, Gmail, and Dropbox.
4. Microsoft, Google, IBM To Aid In Supply Chain Security Effort
The National Institute of Standards and Technology (NIST) will collaborate with Microsoft, Google, IBM, and insurance providers Travelers and Coalition to develop a new framework to improve the security and integrity of the technology supply chain. The approach will serve as a guideline to public and private entities on how to build and assess the security of technology, including open source software.
San Francisco-based Coalition also announced Wednesday it’ll make its cybersecurity risk assessment and continuous monitoring platform available for free to any organization. Meanwhile, San Francisco-based cyber insurance provider Resilience announced it’ll require policy holders to meet a threshold of cybersecurity best practice as a condition of receiving coverage.
3. IBM To Train 150K People In Cybersecurity Skills
IBM announced Wednesday it’ll train more than 150,000 people in cybersecurity skills over the next three years through a range of programs such as SkillsBuild. The Armonk, N.Y.-based technology giant said it’ll also partner with more than 20 Historically Black Colleges and Universities to establish Cybersecurity Leadership Centers to build a more diverse U.S. cyber workforce.
Big Blue is also calling for the establishment of voluntary public reporting standards on cybersecurity practices similar to the environmental, social, and governance reporting that already takes place, CEO Arvind Krishna wrote on LinkedIn. Krishna urged the industry to focus on measuring tangible progress and results, and said the cyber framework developed by NIST could serve as a strong starting point.
The company also announced IBM Safeguarded Copy, a new data storage offering that can shorten the time it takes for organizations to recover from days to hours. IBM is already working with industries that operate critical infrastructure and will expand this offering to other clients, Krishna said. IBM will also help develop and deploy new quantum-safe encryption methods such as lattice-based cryptography.
2. Google To Invest $10 Billion In Cybersecurity
Google announced Wednesday it’ll invest $10 billion over the next five years to expand zero-trust programs, help secure the software supply chain, and enhance open-source security. The Mountain View, Calif.-based firm encouraged the U.S. government to expand its zero-trust guidelines to include production environments, which in addition to app segmentation substantially improves protection.
The company said it’ll also invest in the expansion of its SLSA (Supply Chain Levels for Software Artifacts) framework to protect the key components of open-source software widely used by many organizations, SVP of Global Affairs Kent Walker wrote in a blog post. Google will provide $100 million to support third-party foundations like OpenSSF that manage open source security priorities and help fix vulnerabilities.
Google additionally pledged to help 100,000 Americans earn certificates over the next three years in high-demand fields like IT support, data analytics, data privacy and security so that they can land high-paying jobs. The company also committed to improving the digital skills of 10 million Americans from basic to advanced by 2023 through training programs.
1. Microsoft To Invest $20 Billion In Cybersecurity
Microsoft announced Wednesday it’ll invest $20 billion over the next five years to accelerate efforts to integrate cybersecurity by design and deliver advanced security solutions. The Redmond, Wash.-based software giant had previously said it was spending $1 billion per year on security, so Wednesday’s pledge represents a quadrupling of Microsoft’s commitment to cyber.
Microsoft said it’ll also immediately make available $150 million in technical services to help federal, state, and local governments with upgrading security protection. The engineering services from Microsoft will help ensure government agencies deploy the best and most up to date security tools available as they look to modernize, according to the company.