The White House and the Biden Administration have agreed “ambitious initiatives” designed to bolster the cybersecurity of the United States.
It comes after President Biden on Wednesday met with private sector and education leaders to “discuss the whole-of-nation effort needed to address cybersecurity threats.”
The Biden administration has taken a much greater interest in cybersecurity matters, after a number of high profile incidents in the past year, including the attack on government contractor SolarWinds and oil pipeline operator Colonial Pipeline.
White House focus
The White House announced that these “high-profile cybersecurity incidents demonstrate that both US public and private sector entities increasingly face sophisticated malicious cyber activity.”
It said that cybersecurity threats and incidents affect businesses of all sizes, small towns and cities in every corner of the country, and the finances of families. Matters are not helped by a skills shortage, as nearly half a million public and private cybersecurity jobs remain unfilled, the White House said.
It said cybersecurity is a national security and economic security imperative for the Biden Administration and is prioritising and elevating cybersecurity like never before.
It pointed out that on 12 May, Presdent Biden signed an Executive Order to modernise Federal Government defences and improves the security of technology.
Internationally, the White House said the Biden Administration had rallied G7 countries to hold accountable nations who harbour ransomware criminals and to update NATO cyber policy for the first time in seven years.
The Biden Administration announced two specific actions it was taking:
- The first is that the US National Institute of Standards and Technology (NIST) will collaborate with industry and other partners to develop a new framework to improve the security and integrity of the technology supply chain. Basically it will offer guideline to public and private entities on how to build secure technology and assess the security of technology, including open source software. Microsoft, Google, IBM and others will take part in this NIST-led initiative.
- Secondly the Industrial Control Systems Cybersecurity Initiative is being officially expanded to a second major sector: natural gas pipelines. The Initiative has already improved the cybersecurity of more than 150 electric utilities that serve 90 million Americans.
But the meeting on Wednesday also saw a number of big name tech firms, whose CEOs attended the White House meeting, announced their own commitments and initiatives.
- Apple for example announced it will establish a new program to drive continuous security improvements throughout the technology supply chain. As part of that program, Apple will work with its suppliers – including more than 9,000 in the United States – to drive the mass adoption of multi-factor authentication, security training, vulnerability remediation, event logging, and incident response.
- Google meanwhile will invest $10 billion over the next five years to expand zero-trust programs, help secure the software supply chain, and enhance open-source security. Google also announced it will help 100,000 Americans earn industry-recognised digital skills certificates that provide the knowledge that can lead to secure high-paying, high-growth jobs.
- IBM announced it will train 150,000 people in cybersecurity skills over the next three years, and will partner with more than 20 Historically Black Colleges & Universities to establish Cybersecurity Leadership Centers to grow a more diverse cyber workforce.
- Microsoft is perhaps stumping up the most cash, after it announced it will invest $20 billion over the next 5 years to accelerate efforts to integrate cyber security by design and deliver advanced security solutions. Redmond also announced it will immediately make available $150 million in technical services to help federal, state, and local governments with upgrading security protection, and will expand partnerships with community colleges and non-profits for cybersecurity training.
- Amazon announced it will make available to the public at no charge the security awareness training it offers its staff. Amazon also announced it will make available to all Amazon Web Services account holders at no additional cost, a multi-factor authentication device to protect against cybersecurity threats like phishing and password theft.