President Biden met with private sector and education leaders this week to discuss the whole-of-nation effort needed to address cyber security threats. New cyber security initiatives have come out in response to incidents such as the SolarWinds breach, the Kaseya ransomware attack, and Microsoft Exchange hack, all of which had a ripple effect that impacted customers and companies along supply chains.
The National Institute of Standards and Technology (NIST) plans to teach public and private organizations how to create more secure technology including the use of open source software. Microsoft Google and IBM will join in this cyber security initiative along with insurance companies.
When it comes to critical infrastructure, there’s a new Industrial Control System (ICS) initiative, which is a voluntary effort between the federal government and critical infrastructure utilities to set up systems that will warn affected parties of potential cyber threats. This step comes in the wake of the colonial pipeline ransomware attack. The initiative has already improved the cybersecurity of more than 150 electric utilities that serve 90 million Americans, according to the White House.
At the White House meeting, Apple announced it would start a new program to improve security through the technology supply chain. The company plans to work with more than 9,000 suppliers in the US to push mass adoption of multi-factor identification, security training, vulnerability remediation, event logging and incident response.
IBM announced cyber security initiatives to arm 150,000 people with needed cybersecurity skills over the next three years and team up with 20 historically black colleges and universities to set up Cybersecurity Leadership Centers.
Microsoft announced cyber security initiatives to invest $20 billion over the next five years to push efforts to integrate cyber security by design. The company also said it would devote $150 million to help federal, state and local governments upgrade security defenses and would partner with community colleges and nonprofit organizations on cyber security training.
Amazon announced it would offer the same security awareness training to the public that it already offers to its own employees. The company also said it would provide all Amazon Web Services customers with a multifactor authentication device at no additional cost.
“If we want to see real progress when it comes to cybersecurity, the SEC must make it a requirement–not an incentive–for companies to report their security practices,” said Kevin Bocek, VP of security strategy & threat intelligence at security provider Venafi to TechRepublic. “Cybersecurity is just as important as revenue growth, and it’s now relevant for all companies… To keep up with this reality, security needs to become a CEO-level responsibility–something that their performance and compensation are based on. And only once the SEC takes a stance along these lines will CEOs and boards of directors get on board.”