Cyber Security updates
Sign up to myFT Daily Digest to be the first to know about Cyber Security news.
Several Big Tech companies made multibillion-dollar commitments that they said would shore up lacklustre cyber security defences in the US following a White House summit on Wednesday.
Joe Biden hosted more than 20 chief executives from the technology, energy, banking, insurance and education sectors to discuss broad deficiencies in US cyber capabilities.
The president, along with his commerce, energy and homeland security secretaries, addressed the group following several high-profile attacks on US infrastructure, including on the Colonial Pipeline in May, as well as a proliferation of ransomware attacks affecting businesses and public services.
Apple’s Tim Cook, Alphabet’s Sundar Pichai, Microsoft’s Satya Nadella and Amazon’s Andy Jassy were among the executives in attendance.
“The reality is, most of our critical infrastructure is owned and operated by the private sector,” Biden said in opening remarks. “And the federal government can’t meet this challenge alone.
“So I’ve invited you all here today because you have the power, the capacity and the responsibility, I believe, to raise the bar on cyber security.”
The president intended the event, announced in July, to be a “call to action” on the root causes of malicious online activity, a senior administration official said, with an emphasis on solving a cyber security skills shortage. The US has about 500,000 unfilled vacancies in the sector.
Following the meeting, the companies announced several measures they said would make the country better prepared for future threats.
Pichai said Alphabet’s Google unit would invest more than $10bn over the next five years with a focus on the “software supply chain” — the weaknesses found within the patchwork of third-party and often open-sourced technologies and protocols that underpin many critical services.
The company pledged to train 100,000 Americans in fields such as information technology support and data analytics as part of its existing Google Career Certificates programme.
IBM chief executive Arvind Krishna said his company would train 150,000 workers in cyber security over the next three years, working closely with historically black colleges and universities in an effort to increase diversity within the sector.
Microsoft, which itself was victim to a cyber attack in March, said it would spend $20bn on cyber security measures over five years, four times its current rate of investment. In addition, it would provide $150m in technical services to government nationally and locally to improve cyber security defences.
Amazon, which did not attach a monetary figure to its efforts, said it would share with the public the training materials it provided to its employees to protect sensitive information and guard against cyber attacks.
It also said “qualified customers” who use its AWS cloud services would receive free mutli-factor authentication devices — USB dongles that provide an added layer of security when logging in.
Apple had not shared its plans at the time of writing.
Jamie Dimon of JPMorgan Chase and Brian Moynihan of Bank of America were among the executives who attended from the banking sector. Other companies involved included the payroll software provider ADP and the energy companies ConocoPhillips and PG&E.
The meeting took place as Congress deliberates measures to address the raft of cyber attacks that have hit the public and private sectors over the past year, the most severe of which were said to have been perpetrated by actors based in Russia and China.
In December an attack on the Austin, Texas-based IT company SolarWinds, involved malignant code being inserted into software used by at least nine federal agencies and about 100 companies, officials have said. Attackers were said to have exploited the vulnerability for at least nine months.
In response, the bipartisan Cyber Incident Notification Act, introduced last month, seeks to enforce stricter rules on cyber attack disclosures for companies that work with the federal government or provide critical infrastructure.
In July Biden signed a national security memorandum outlining cyber security performance goals for critical infrastructure, such as essential services for power, water and transport.
It followed an executive order mandating minimum security standards for software sold to the government.
#techFT daily newsletter
#techFT brings you news, comment and analysis on the big companies, technologies and issues shaping this fastest moving of sectors from specialists based around the world. Click here to get #techFT in your inbox.