Immediately following a series of meetings at the White House on Wednesday to examine ways to strengthen the collective efforts of the federal government and private sector in bolstering the nation’s cybersecurity posture, the Biden administration announced more than a dozen new commitments and initiatives by industry, academia and government in the areas of supply chain and technology security, workforce development and best practices.
The National Institute of Standards and Technology (NIST), Alphabet [GOOG], and Apple [AAPL] are all launching programs to strengthen the security of the technology supply chain. NIST, which is part of the Department of Commerce, will work with industry and other partners to create new framework for the security and integrity of the technology supply chain.
Industry participants in the supply chain framework effort include Google, Microsoft [MSFT], and the insurance companies Travelers [TRV] and Coalition.
“The approach will serve as a guideline to public and private entities on how to build secure technology and assess the security of technology, including open-source software,” a White House fact sheet says.
In a separate effort, Apple is reaching down its supply chain with a multifaceted approach that will include “mass adoption” of multi-factor authentication, security training, vulnerability remediation, event logging and incident response.
Google, which is part of Alphabet, said it will spend $10 billion over five years to expand zero-trust efforts, better secure the software supply chain, and strengthen open-source security. The technology company will also assist 100,000 Americans develop earn digital skills certificates that could help them land jobs in high demand.
On the secure technology front, the administration formally expanded its voluntary Industrial Control Systems Cybersecurity Initiative to include natural gas pipelines. In April, the administration launched the ICS effort with the electricity sector, which is aimed at encouraging owners and operators of utilities to acquire technology and use best practices to enhance the cybersecurity of their networks and operational systems.
The ICS cyber sprint with the electricity sector has improved cybersecurity at utilities serving more than 90 million Americans, White House officials have said.
Microsoft said it will invest $20 billion over five years to accelerate efforts to bake in cybersecurity in the development of its products. The software giant also plans $150 million in technical services to help federal, state and local governments improve their security and will broaden its cybersecurity training efforts with community colleges and non-profit organizations.
Resilience, which is a cyber insurance provider, said it will require policy holders to meet a threshold of best practices in return for receiving insurance coverage. Coalition said it will provide its risk assessment and continuous monitoring platform to any organization for free.
The meeting between Biden, senior government officials and industry also resulted in a slew of commitments to strengthen cybersecurity skills and the talent pool. Estimates put the number of unfilled cybersecurity-related jobs in the U.S. at around 500,000, which has made workforce development a top priority for the government and private sector.
IBM [IBM] said it will train 150,000 people in cyber skills over the next three years and will help more than 20 Historically Black Colleges and Universities develop a more diverse cyber workforce.
Amazon [AMZN] said it will make a security awareness training program for its employees available to the public for free. It will provide for free a multi-factor authentication device to all of its cloud-service account holders.
Code.org, a non-profit that provides access to computer science in grades Kindergarten through high school, plans to teach cybersecurity concepts to more than 3 million students over three years, and Girls Who Code, another non-profit aimed at bringing women into the cyber workforce, will provide scholarships and early career opportunities to groups typically left out of technology tracks.
The Univ. of Texas System plans to host entry level cyber educational programs to upskill and reskill more than 1 million workers nationwide and Whatcom Community College in Washington has been designated a National Science Foundation Advanced Technological Education National Cybersecurity Center to provide cybersecurity education and training to faculty and be a support program for colleges to help students quickly move into the workforce.