Google and Microsoft said they are pledging to invest a total of $30 billion in cybersecurity advancements over the next five years, as the U.S. government partners with private sector companies to address threats facing the country in the wake of a string of sophisticated malicious cyber activity targeting critical infrastructure, laying bare the risks to data, organizations, and governments worldwide.
The White House cybersecurity meeting, which brought together executives from the education, energy, finance, insurance, and tech sectors, included companies like ADP, Amazon, Apple, Bank of America, Code.org, Girls Who Code, Google, IBM, JPMorgan Chase, Microsoft, and Vantage Group, among others.
To that end, the U.S. government on Wednesday announced a collaboration between the National Institute of Standards and Technology (NIST) and industry partners to develop a new framework to improve the security and integrity of the technology supply chain, alongside plans to expand the Industrial Control Systems Cybersecurity Initiative to secure natural gas pipelines.
The big tech sector is also rallying behind with a roster of initiatives, including —
- Microsoft will invest $20 billion over the next five years to deliver advanced security solutions, in addition to making available $150 million in technical services to help federal, state, and local governments with upgrading security protections.
- Google will invest over $10 billion to bolster cybersecurity, including expanding zero-trust programs, helping secure the software supply chain and enhancing open-source security. It's worth noting that the search giant, earlier this June, announced a framework called the Supply chain Levels for Software Artifacts (SLSA or "salsa") to safeguard the integrity of software supply chains.
- Apple will work with more than 9,000 of its suppliers to push for mass adoption of multi-factor authentications, vulnerability remediation, event logging, and security training.
- IBM will train 150,000 people in cybersecurity skills over the next three years, and will partner with 20 Historically Black Colleges & Universities to establish a more diverse cyber workforce.
- Amazon will make available to all Amazon Web Services account holders a multi-factor authentication device to protect against phishing and password theft at no extra cost.
While it remains to be seen how these efforts will unfold in practice, the commitments demonstrate the urgency in prioritizing and elevating cybersecurity after a relentless stretch of high-profile cyber attacks targeting SolarWinds, Microsoft, Colonial Pipeline, JBS, and Kaseya in recent months. The incidents also prompted U.S. President Joe Biden to issue an executive order in May requiring federal agencies to modernize their cybersecurity defenses.