U.S. President Joe Biden invited Apple CEO Tim Cook, Microsoft CEO Satya Nadella, and Amazon President and CEO Andy Jassy to the White House to discuss how private industry can help fight ransomware and software supply chain attacks.
According to Bloomberg, the upcoming talks will focus on the U.S.’s resilience to major cyberattacks on critical infrastructure. Biden has previously spoken solemnly with Russian President Vladimir Putin about cyberattacks on infrastructure.
In July, Biden said that if the U.S. were to engage in a “real hot war,” it might be to counter major cyberattacks. During the COVID-19 pandemic, U.S. government agencies and critical infrastructure providers have faced numerous ransomware and cyber espionage attacks, including a backdoor incident in the SolarWinds software supply chain, as well as ransomware attacks on Colonial Pipeline, Kaseya, and meat company JBS.
Cook, Nadella and Jassy plan to attend the meeting on the 24th, according to Bloomberg.
The CEOs of Google, IBM, Southern Co and JPMorgan were also invited to discuss how infrastructure companies in banking, energy and water utilities can improve cybersecurity and collaborate with governments.
In response to Biden’s May cybersecurity executive order, Microsoft, AWS, Cisco, FireEye and IBM are now engaging in government-led efforts to support critical U.S. infrastructure.
Following the White House meeting, Google and Microsoft pledged to invest tens of billions of dollars in cybersecurity, with Apple, Amazon and IBM contributing their own cybersecurity commitments.
On August 25, U.S. President Biden held a cybersecurity conference at the White House. He secured commitments from mainstream technology companies to support national cybersecurity work, and pushed the technology giants to invest heavily in improving the resilience of the United States to cyberattacks. For example, Microsoft and Google have each pledged tens of billions of dollars in cybersecurity-specific investments.
The meeting stems from a string of recent major cybersecurity incidents, including the Colonial Pipeline ransomware attack (which disrupted oil and gas supplies in the southeastern United States), the SolarWinds software supply chain attack, and a massive hack of Microsoft’s Exchange servers.
In a statement, the U.S. government said addressing cybersecurity threats would require “a concerted effort by the entire nation.” To this end:
Microsoft has announced that it will invest $20 billion over the next five years to drive “cybersecurity by design” and deliver advanced security solutions. The company also announced that it will immediately provide $150 million in technology services to help U.S. federal, state and local governments improve their security.
Google has pledged to invest $10 billion over the next five years to expand its Zero Trust program to help secure software supply chains and enhance open source security. The company also said it will help 100,000 Americans earn industry-recognized digital skills certifications.
Apple will set up new programs to make technology supply chains more secure. As part of this effort, the company plans to work with its vendors to promote multi-factor authentication, security training, bug remediation, event logging and cybersecurity incident response.
IBM claims it will train 150,000 people in cybersecurity skills over the next three years, and will partner with more than 20 historically Black colleges and universities to establish a cybersecurity leadership center.
Amazon claims it will provide free multi-factor authentication devices for AWS account holders. The company also plans to make its current security awareness training for employees free to the public.
Cyber insurance providers and educational institutions have also pledged to the U.S. government to improve national security.
Earlier this year, the Biden administration also launched a 100-day plan to improve cybersecurity across the power industry. On Aug. 25, the U.S. government announced that the program has improved the cybersecurity posture of more than 150 electric utilities and is now expanding into natural gas pipelines.
In addition, the White House said the National Institute of Standards and Technology (NIST) will develop a new framework to improve the security and integrity of technology supply chains. NIST will advance this work in collaboration with partners such as Microsoft, Google and IBM.
European cybersecurity teams are also concerned about the rise of software supply chain attacks because it is so difficult to verify third-party code, whether open source or proprietary.
The SolarWinds attack, which resulted in data breaches at Microsoft, several top U.S. cybersecurity firms and several government agencies, underscores the cybersecurity risks to critical U.S. infrastructure.
Other threats come from commonly used enterprise software, such as Microsoft’s Exchange server, which is rumored to have been exploited by Chinese hackers before Microsoft rolled out a patch.