August 26, 2021
Tech companies pledge billions in cybersecurity investments
Some of the country's leading technology companies have committed to investing billions of dollars to strengthen cybersecurity defenses and to train skilled workers, the White House announced Wednesday following President Joe Biden's private meeting with top executives.
The Washington gathering was held during a relentless stretch of ransomware attacks that have targeted critical infrastructure and major corporations, as well as other illicit cyber operations that U.S. authorities have linked to foreign hackers.
The Biden administration has been urging the private sector to do its part to protect against those increasingly sophisticated attacks. In public remarks before the meeting, Biden referred to cybersecurity as a "core national security challenge" for the U.S.
"The reality is most of our critical infrastructure is owned and operated by the private sector, and the federal government can't meet this challenge alone," Biden said. "I've invited you all here today because you have the power, the capacity and the responsibility, I believe, to raise the bar on cybersecurity."
After the meeting, the White House announced that Google had committed to invest $10 billion in cybersecurity over the next five years, money aimed at helping secure the software supply chain and expand zero-trust programs. The Biden administration has looked for ways to safeguard the government's supply chain following a massive Russian government cyberespionage campaign that exploited vulnerabilities and gave hackers access to the networks of U.S. government agencies and private companies.
Microsoft, meanwhile, said it would invest $20 billion in cybersecurity over the next five years and make available $150 million in technical services to help local governments upgrade their defenses. IBM plans to train 150,000 people in cybersecurity over three years, Apple said it would develop a new program to help strengthen the technology supply chain, and Amazon said it would offer to the public the same security awareness training it gives to employees.
Top executives of each of those companies were invited to Wednesday's meeting, as were financial industry executives and representatives from the energy, education and insurance sectors. A government initiative that at first supported the cybersecurity defenses of electric utilities has now been expanded to focus on natural gas pipelines, the White House said Wednesday.
Though ransomware was intended as one aspect of Wednesday's gathering, a senior administration official who briefed reporters in advance said the purpose was much broader, centered on identifying the "root causes of any kind of malicious cyber activity" and also ways in which the private sector can help bolster cybersecurity. The official briefed reporters on the condition of anonymity.
The meeting took place as Biden's national security team has been consumed by the troop withdrawal in Afghanistan and the chaotic evacuation of Americans and Afghan citizens. That it remained on the calendar indicates the administration regards cybersecurity as a major agenda item, with the administration official describing Wednesday's meeting as a "call to action."
The broad cross-section of participants underscores how cyberattacks have cut across virtually all sectors of commerce. In May, for instance, hackers associated with a Russia-based cyber gang launched a ransomware attack on a major fuel pipeline in the U.S., causing the pipeline to temporarily halt operations. Weeks later, the world's largest meat processor, JBS, was hit with an attack by a different hacking group.
In both instances, the companies made multimillion-dollar ransom payments in an effort to get back online.
Biden on Wednesday pointed to a summit with Russian President Vladimir Putin in June when he said he made clear his expectation that Russia take steps to rein in ransomware gangs because "they know where (the hackers) are and who they are."
© 2021 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed without permission.