Big Tech groups make cyber security pledges after White House summit


Cyber Security updates

Several Big Tech companies made multibillion-dollar commitments that they said would shore up lacklustre cyber security defences in the US following a White House summit on Wednesday.

Joe Biden hosted more than 20 chief executives from the technology, energy, banking, insurance and education sectors to discuss broad deficiencies in US cyber capabilities.

The president, along with his commerce, energy and homeland security secretaries, addressed the group following several high-profile attacks on US infrastructure, including on the Colonial Pipeline in May, as well as a proliferation of ransomware attacks affecting businesses and public services.

Apple’s Tim Cook, Alphabet’s Sundar Pichai, Microsoft’s Satya Nadella and Amazon’s Andy Jassy were among the executives in attendance.

“The reality is, most of our critical infrastructure is owned and operated by the private sector,” Biden said in opening remarks. “And the federal government can’t meet this challenge alone.”

The president wanted the event to be a “call to action” on the root causes of malicious online activity, a senior administration official said, with an emphasis on solving a cyber security skills shortage. The US has about 500,000 unfilled vacancies in the sector.


the amount Microsoft has pledged to spend on cyber security measures over five years, four times its current rate of investment

Following the meeting, the White House said the National Institute of Standards and Technology would work with companies to improve the integrity of the “software supply chain” — the weaknesses found within the patchwork of technologies and protocols that underpin many services.

Pichai said Alphabet’s Google unit would participate in that initiative, and invest more than $10bn in cyber security during the next five years. The company pledged to train 100,000 Americans in related fields.

Arvind Krishna, IBM chief executive, said his company would train 150,000 workers in cyber security over the next three years, working closely with historically black colleges and universities.

Microsoft, which was the victim of a cyber attack in March, said it would spend $20bn on cyber security over five years, four times its current rate of investment. In addition, it would provide $150m in technical services to government nationally and locally.

Amazon, which did not attach a monetary figure to its efforts, said it would share with the public the training materials it provided to its employees to guard against cyber attack.

It also said some AWS customers would receive free multi-factor authentication devices to provide an added layer of security when logging in.

Similarly, the White House said Apple had committed to push for stronger cyber security requirements among its suppliers.

Jamie Dimon of JPMorgan Chase and Brian Moynihan of Bank of America were among the executives who attended from the banking sector. Other companies involved included the payroll software provider ADP and the energy companies ConocoPhillips and PG&E.

Several insurance providers were also at the meeting. Cyber insurer Resilience said it would require policy holders to meet a threshold of cybersecurity best practice as a condition of receiving coverage.

The meeting took place as Congress deliberates measures to address the raft of cyber attacks that have hit the public and private sectors over the past year, the most severe of which were said to have been perpetrated by actors based in Russia and China.

In December an attack on the Austin, Texas-based IT company SolarWinds, involved malignant code being inserted into software used by at least nine federal agencies and about 100 companies, officials have said. Attackers were said to have exploited the vulnerability for at least nine months.

In response, the bipartisan Cyber Incident Notification Act, introduced last month, seeks to enforce stricter rules on cyber attack disclosures for companies that work with the federal government or provide critical infrastructure.

In July Biden signed a national security memorandum outlining cyber security performance goals for critical infrastructure, such as essential services for power, water and transport.

It followed an executive order mandating minimum security standards for software sold to the government.

#techFT daily newsletter

#techFT brings you news, comment and analysis on the big companies, technologies and issues shaping this fastest moving of sectors from specialists based around the world. Click here to get #techFT in your inbox.