
Tech Companies Pledge Billions for Critical Infrastructure Security Upgrades, Training

After decades of discussions between government officials and technology leaders, public-private partnerships, information sharing, and all manner of other efforts to significantly improve the security of the nation’s critical infrastructure and private networks, one meeting at the White House may turn out to be the biggest step forward.

On Wednesday, President Joe Biden met with leaders from many of the larger technology companies and platform providers to discuss options for addressing the security threats and technical debt facing the United States, and the result was commitments from Google, Microsoft, IBM, and other companies to invest tens of billions of dollars in technology, cybersecurity skills training, and other initiatives in the next few years. Google will spend $10 billion over the next five years on several programs, including an expansion of its zero trust initiative, securing the software supply chain, and training as many as 100,000 people through its Google Career Certificates program. Microsoft plans to spend $20 billion over the same period to improve its own product design and security processes, and will also spend $150 million to help federal, state and local government agencies upgrade their security.

IBM also committed to training 150,000 people in cybersecurity and plans to partner with 20 historically Black colleges and universities to help diversify the security workforce.

All of this is part of a continued effort by the Biden administration to make significant improvements to the security of the country’s critical infrastructure, as well as making investments to address the skills shortage,

“But the reality is, most of our critical infrastructure owned and operated — is owned and operated by the private sector, and the federal government can’t meet this challenge alone,” Biden said.

The last year has seen a string of high-profile and high-impact incidents that have affected both U.S. government agencies and critical infrastructure systems. The ransomware attack on Colonial Pipeline, the supply chain intrusions at SolarWinds and Kaseya, and others have drawn the attention of the Biden administration and spurred a number of actions. The president issued an executive order in May designed to help improve federal security and secure development practices.

“Too much of our software, including critical software, is shipped with significant vulnerabilities that our adversaries exploit,” according to the Biden administration. “This is a long-standing, well-known problem, but for too long we have kicked the can down the road. We need to use the purchasing power of the Federal Government to drive the market to build security into all software from the ground up.”

The outcomes of Wednesday’s summit at the White House look promising, as have many other similar initiatives over the years, but it will be some time before the results are known.

“Governments and businesses are at a watershed moment in addressing cybersecurity. Cyber attacks are increasingly endangering valuable data and critical infrastructure. While we welcome increased measures to reinforce cybersecurity, governments and companies are both facing key challenges,” said Kent Walker, senior vice president of global affairs at Google.