Big Tech pledges to shore up US cyber security defences

Chief executives from tech, energy, banking, insurance and education meet at White House summit

President Joe Biden speaks during a meeting about cybersecurity in the East Room of the White House. Photograph: Drew Angerer/Getty Images

President Joe Biden speaks during a meeting about cybersecurity in the East Room of the White House. Photograph: Drew Angerer/Getty Images

 

Several Big Tech companies made multibillion-dollar commitments to shore up lacklustre US cyber security defences following a White House summit on Wednesday.

Joe Biden hosted more than 20 chief executives from the technology, energy, banking, insurance and education sectors to discuss broad deficiencies in the country’s cyber capabilities.

The president, along with his commerce, energy and homeland security secretaries, addressed the group following several high-profile attacks on US infrastructure, including on the Colonial Pipeline in May, as well as a proliferation of ransomware attacks affecting businesses and public services.

Apple’s Tim Cook, Alphabet’s Sundar Pichai, Microsoft’s Satya Nadella and Amazon’s Andy Jassy were among the executives in attendance.

“The reality is, most of our critical infrastructure is owned and operated by the private sector,” Biden said in opening remarks. “And the federal government can’t meet this challenge alone.”

The president wanted the event to be a “call to action” on the root causes of malicious online activity, a senior administration official said, with an emphasis on solving a cyber security skills shortage. The US has about 500,000 unfilled vacancies in the sector.

Supply chain integrity

Following the meeting, the White House said the National Institute of Standards and Technology would work with companies to improve the integrity of the “software supply chain” and address weaknesses found within the patchwork of technologies and protocols that underpin many services.

Mr Pichai said Alphabet’s Google unit would participate in that initiative and invest more than $10bn in cyber security during the next five years. The company pledged to train 100,000 Americans in related fields.

Arvind Krishna, IBM chief executive, said his company would train 150,000 workers in cyber security over the next three years, working closely with historically black colleges and universities.

Microsoft, which was the victim of a cyber attack in March, said it would spend $20bn on cyber security over five years, four times its current rate of investment. In addition, it would provide $150m in technical services to the national and local governments.

Amazon, which did not attach a monetary figure to its efforts, said it would share training materials it provided to its employees to guard against cyber attacks with the public.

It also said some Amazon Web Services customers would receive free multi-factor authentication devices to provide an added layer of security.

The White House said Apple had also committed to pushing for stronger cyber security protocols among its suppliers.

Jamie Dimon of JPMorgan Chase and Brian Moynihan of Bank of America were among the executives who attended from the banking sector. Other companies involved included the payroll software provider ADP and the energy companies ConocoPhillips and PG&E.

Several insurance providers were also at the meeting. Cyber insurer Resilience said it would require policyholders to meet a threshold of cyber security best practice as a condition of receiving coverage.

Cyber attack s

The meeting took place as Congress deliberates measures to address the raft of cyber attacks that have hit the public and private sectors over the past year, the most severe of which were said to have been perpetrated by actors based in Russia and China.

In December an attack on the Austin, Texas-based IT company SolarWinds, involved malignant code being inserted into software used by at least nine federal agencies and about 100 companies, officials have said. Attackers were said to have exploited the vulnerability for at least nine months.

In response, the bipartisan Cyber Incident Notification Act, introduced last month, seeks to enforce stricter rules on cyber attack disclosures for companies that work with the federal government or provide critical infrastructure.

In July Biden signed a national security memorandum outlining cyber security performance goals for critical infrastructure, such as essential services for power, water and transport.

It followed an executive order mandating minimum security standards for software sold to the government. – Copyright The Financial Times Limited 2021