The White House has announced a series of initiatives that will be carried out by private American companies.
The efforts include training, education, awareness, risk mitigation, and MFA adoption programs.
Most of what was announced are steps in the right direction, even if some may not be overly adequate.
U.S. President Joe Biden and his cybersecurity advisory committee have met with various private sector leaders to discuss ways to bolster the nation’s stance and how they can help on their part. It appears that the meeting was very productive, as the White House has released a statement to announce all the ambitious initiatives they have decided to run from now on.
The private sector participants have committed to the following:
Collaborate with NIST (National Institute of Standards and Technology) to develop a new security framework that will underpin their technology supply chain.
Apple will establish a new program involving more than 9,000 suppliers in the U.S. to drive the mass adoption of MFA, vulnerability remediation, event logging, and incident response.
Google will invest $10 billion over the next five years to expand zero-trust programs, enhance open-source security, and support over 100,000 Americans to acquire industry-recognized infosec certificates.
IBM will train 150,000 people in cybersecurity over the next three years, partnering with over twenty universities and colleges for the purpose.
Microsoft will invest $20 billion over the next five years to accelerate the efforts to integrate cybersecurity by design and deliver advanced security solutions. Additionally, $150 million will be made immediately available to support cybersecurity training in various fields.
Amazon will offer free-of-charge security awareness training to the public, including AWS account holders, helping them protect their data online.
Cyber insurance providers Resilience and Coalition announced the introduction of stricter “best practice” policies as well as the offering of free risk assessment and monitoring.
Code.org will teach over 3 million students about online safety and cybersecurity in the next three years.
Girls Who Code will run scholarship programs and ‘early career opportunity’ initiatives to support historically excluded groups in the field.
The University of Texas will expand its cybersecurity education programs to upskill or reskill over a million workers across the nation, making many entry-level infosec programs available to a wider audience.
The Whatcom Community College will now provide “fast-track” infosec education programs that will result in more professionals being made available to the national job market in the next couple of years.
Jake Williams, CTO at BreachQuest, has told us while commenting on the above:
While everything in the press release is positive from a cybersecurity perspective, I’m especially excited to see that Resilience is requiring minimum cybersecurity standards as a condition of coverage. Many organizations view cyber insurance as an alternative to implementing security controls rather than as a complement to those controls.
Amazon’s offer of free cybersecurity awareness training is a game-changer, particularly for small to mid-sized businesses. Security awareness training can have substantial impacts in preventing breaches. Amazon’s training will put a quality product within reach for organizations that wouldn’t have it otherwise, likely preventing thousands of breaches every year. If there’s one thing in the announcement that will give threat actors the biggest headache, this is it.
While it is very encouraging that Apple is focusing on ensuring supply chain security, its iOS operating system continues to be a black box for defenders. This prevents relatively easy detection of exploitation of these devices, as was observed recently with NSO. Zero-day exploits in iOS will remain an outsized threat until network defenders can gain visibility into operations on these devices.
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: