US President Joe Biden urged Big Tech leaders to step up their game in enhancing the country’s cybersecurity following a series of high-profile cyber-attacks in recent months.
During a meeting with the chief executives of Amazon, Apple, Google, IBM, and Microsoft at the White House on Wednesday (25 August), Biden called on the industry leaders to contribute to upgrade the cybersecurity of critical infrastructure and supply chains.
The US president defined cybersecurity as a ‘core national security challenge’, and announced a new executive order that requires the federal government to only acquire tech products that meet certain cybersecurity standards.
According to Biden, this order “will have a ripple effect across the software industry, in our view, ultimately improving security for all Americans”.
He also announced that the National Institute of Standards and Technology (NIST) will collaborate with the private sector to develop new industry standards that would ensure the security and integrity of the technology supply chain. Microsoft, Google, IBM and two leading insurance companies already committed to the initiative.
Big Tech response
Several announcements followed the high-level meeting, which included top cybersecurity officials of the US administration.
Google and IBM announced training schemes for thousands of cybersecurity experts. Amazon similarly committed to making its internal cybersecurity training available to the public free of charge. According to the US administration, the current skills gap would mean half a million cybersecurity jobs risk remaining unfilled in the coming years.
Microsoft said it would spend $20 billion over five years on cybersecurity initiatives to accelerate efforts to integrate cyber security by design and deliver advanced security solutions.
Google committed to investing $10 billion in cybersecurity over the next five years as part of its “zero-trust” programmes, intended to protect digital networks by restricting user access.
Amazon also announced it will give the customers of its cloud computing service a multi-factor authentication device at no additional cost, which the e-commerce giant expects to improve their protection against cybersecurity threats like phishing and password theft.
Apple said it would launch a new programme to drive continuous security improvements throughout its supply chain, notably by encouraging its suppliers to adopt multi-factor authentication, security training, vulnerability remediation, event logging, and incident response.
More than 9,000 of Apple’s suppliers are located in the United States, according to the White House.
The United States has faced a growing number of ransomware and cyber-attacks in the past months. In May, a ransomware attack jeopardised the Colonial Pipeline, the country’s largest fuel pipeline, causing major disruptions on the West Coast for several days.
Similar disruptions affected the food supply chain in June, as meat giant JBS had to temporarily shut down its operations following a ransomware attack.
In December 2020, the US government suffered its worst cyberattack of all time as hackers managed to access sensitive information from local, state and federal agencies among the 30,000 public and private organisations affected.
All these cases were attributed to Russian hackers.
Cybersecurity was a central topic in the meeting Biden had with Russian President Vladimir Putin in Geneva in June, where he warned his Russian counterpart of serious consequences if the Kremlin did not reign in the hackers based in its territory.
Biden further raised the pressure in July, declaring that another major cyberattack might lead to a “real shooting war”.
The first six months of the Biden administration were positively received by the US cybersecurity community, which gave the administration’s approach “full marks”, according to a poll by the Washington Post.
[Edited by Zoran Radosavljevic]