IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

Google, Microsoft Pledge Billions After White House Meeting

The White House, tech firms, insurers and educational organizations announced near-future steps to improve national cybersecurity, including new NIST guidelines and tech support for governments looking to upgrade defenses.

Microsoft sign
Shutterstock/ungvar
The White House, big tech firms, cyber insurers and educational organizations are pledging to pour more resources into improving the nation’s cybersecurity, on the heels of an Aug. 25 meeting among the parties.

Public and private partners promised a variety of near-term funds and initiatives aimed at improving software supply chain security, expanding the cybersecurity workforce and improving the cyber hygiene of organizations and the general public.

The National Institute of Standards and Technology (NIST) will develop a new framework focused on improving technology supply chain security, the White House announced in a press release. The guidelines will address secure technology development and open source software security evaluations. NIST will collaborate on the effort with several partners, including big tech firms and insurers.

Private firms brought their own initiatives to the table as well, with Apple promising to engage its suppliers around the world in adopting more secure practices such as multi-factor authentication (MFA), event logging and security training, according to the White House.

Google, meanwhile, promised to commit $10 billion over five years in efforts aimed at improving software supply chain and open source security and at increasing use of zero trust, per the release.

Google Senior Vice President of Global Affairs Kent Walker announced in a blog post that some of these investments will go toward advancing the adoption of the Supply Chain Levels for Software Artifacts (SLSA) framework, which is designed to help users evaluate the integrity of software supply chains. Similarly, a $100 million slice of the pledged funding will be directed to third-party organizations that focus on open source security, Walker said.

Microsoft, in turn, intends to spend $20 billion over five years on efforts to design products that are more cyber secure and to produce more advanced security services, the White House release stated.

The federal government also said it would proceed with previously outlined plans to expand its Industrial Control Systems Cybersecurity Initiative. The effort focused on the electricity sector at first launch and now will include natural gas pipelines as well. The initiative aims to better protect critical infrastructure, in part by encouraging voluntary adoption of threat detection and response tools and by improving federal threat information sharing with the targeted sectors.

Meeting attendees promised both free tools and incentives to put organizations and individuals onto more secure cyber footing.

Cyber insurer Coalition, for example, said it would let organizations access its cybersecurity risk assessment and continuous monitoring platform for free, while Microsoft spotlighted the public sector by pledging $150 million worth of technical services to help local, state and federal agencies improve their defenses, per the White House release.

Amazon turned its attention to the general population, saying it would make its employee security awareness trainings freely available to the public.

Meanwhile, other entities turned to restrictions rather than freebies, with cyber insurer Resilience saying it would only cover clients that met a certain minimum standard of cyber best practices.

Traditional educational institutions, nonprofits and tech companies also sought to bring people from various stages of life onto the path to cybersecurity careers, with particular focus on reaching underrepresented populations.

K-12-focused Code.org promised to teach online safety practices and promote cybersecurity career paths to more than 3 million children over three years, while University of Texas System said it would help those already in the workforce. UT System will enable the latter to get entry-level cyber credentials — without having to go through a traditional higher education degree program — via short-term training programs that the entity will expand and add to.

IBM said it would work with more than 20 historically Black colleges and universities (HBCUs) to create Cybersecurity Leadership Centers, and Girls Who Code said it intends to offer more early career and scholarship opportunities via a micro credentialing program focused on groups underrepresented in the cybersecurity field.