Tech giants — including Google, Amazon, Microsoft, Apple, and IBM — are among several organizations announcing new initiatives to invest in US cybersecurity following a meeting with President Joe Biden at the White House that included private sector and education leaders.
As part of this week's announcements, the Biden administration shared that the National Institute of Standards and Technology (NIST) will work with industry and other partners "to develop a new framework to improve the security and integrity of the technology supply chain," officials wrote in a release.
"The approach will serve as a guideline to public and private entities on how to build secure technology and assess the security of technology, including open source software," they say. Microsoft, Google, IBM, Travelers, and Coalition have committed to joining the initiative.
In addition, the administration announced the expansion of the Industrial Control Systems Cybersecurity Initiative to include natural gas pipelines.
The news from private sector companies ranges from billion-dollar investments, to driving adoption of multifactor authentication, to including more security training both in the classroom and in the enterprise.
Over the next five years, Microsoft plans to invest $20 billion to drive efforts to "integrate cyber security by design and deliver advanced security solutions," White House officials wrote. The company will make $150 million immediately available in the form of technical services to help federal, state, and local governments with security protection. It also plans to grow partnerships with community colleges and nonprofits to expand cybersecurity training.
Google plans to invest $10 billion over the next five years to strengthen cybersecurity. The money will go toward expanding zero-trust programs, helping secure the software supply chain, and enhancing open source security. In addition, Google pledges to train 100,000 Americans in areas such as IT support and data analytics, and include education in data privacy and security, through the Google Career Certificate Program.
"Robust cybersecurity ultimately depends on having the people to implement it," Kent Walker, senior vice president of global affairs at Google, wrote in a blog post. "That includes people with digital skills capable of designing and executing cybersecurity solutions, as well as promoting awareness of cybersecurity risks and protocols among the broader population."
Training is also part of Amazon's new initiatives, which include the public release of the security training materials it uses to keep its own employees and sensitive data safe from cyberattack. The company has designed a curriculum that employees use to anticipate and learn about the attacks they might face; starting in October, this will be available to businesses and individuals.
Also starting in October, qualified Amazon Web Services account holders can receive a free multifactor authentication device to better protect AWS accounts from phishing, session hijacking, man-in-the-middle, and other cyberattacks, according to company officials.
Apple plans to create a new program for security improvements throughout the supply chain. As part of this, it will work with its suppliers — including more than 9,000 throughout the US — to drive adoption of MFA, security training, vulnerability remediation, and incident response.
IBM has committed to training 150,000 people in security over the next three years. Its efforts will include partnerships with at least 20 historically Black colleges and universities to create Cybersecurity Leadership Centers and, in doing so, create a more diverse cyber workforce.