White House rolls out pipeline, supply chain security initiatives as companies pledge billions in cyber spending
The Biden administration on Wednesday announced initiatives to bolster supply chain and natural gas pipeline security, following a White House private sector cybersecurity summit where major companies pledged billions of dollars in cyber spending.
The National Institute of Standards and Technology will collaborate with industry to develop guidelines for building secure technology, in the first of two administration initiatives. In the other, the administration formally expanded its industrial control systems cybersecurity initiative — under which 150 electric utilities agreed to deploy control system security tech — to natural gas pipelines.
Tech giants, insurance companies and educational organizations left the summit with cybersecurity commitments large and small. Among those vowing the biggest dedication of dollars: Microsoft announced $20 billion over five years to integrate “cybersecurity by design,” which means incorporating security into products as they’re being built, while Google announced $10 billion over the same period to expand “zero trust” programs, secure the software supply chain and improve open source security.
The effort comes after a June ransomware incident in which hackers breached Colonial Pipeline, forcing the company to halt fuel transportation across parts of the U.S. for days. Before that, alleged Russian spies leveraged SolarWinds, using that federal contractor as a means of infiltrating nine U.S. agencies.
Before meeting with the industry leaders, Biden called cybersecurity “the core national security challenge the American people are facing, and our economy is facing.”
With so much critical infrastructure in private ownership, “The federal government can’t meet this challenge alone,” he said.
“I’ve invited you all here today because you have the power, the capacity and responsibility, I believe, to raise the bar on cybersecurity,” the president told attendees.
Other private sector pledges included IBM vowing to train 150,000 people in cyber skills over three years, Coalition offering free risk assessment tools and Code.org saying it would teach cyber concepts to 3 million students over three years.
Amazon said it would provide multi-factor authentication devices to Amazon Web Services account holders who spend at least $100 a month. Apple said it would work with its suppliers to promote mass adoption of event logging, incident response, multi-factor authentication, security training and vulnerability remediation.
Many of those steps reflect a May executive order that Biden signed to bolster security within the federal government.
IBM Chief Executive Officer Arvind Krishna mirrored Biden’s sentiments about working together in a LinkedIn post.
“No private company can face this monumental challenge alone,” he said. “Now is the time for the public and private sectors to step up their collective efforts to improve our nation’s cybersecurity for decades to come.”
Coalition, Google, IBM, Microsoft and Travelers will partner on the NIST framework, which will include assessment of security technologies.
“Based on our technical expertise and our established open processes, we can jointly build a framework that will offer sound technical, trusted, practical solutions to help the nation better manage cybersecurity risks,” said James Olthoff, who is serving as NIST director.
Updated 8/25/2021 to include additional details of the meeting.