US President Joe Biden staged a cyber security summit at the White House, and it’s produced quick results in the form of big tech making vague promises about stuff they think will improve the nation’s security
The premise of the event was Biden’s belief that America can’t go on being hurt by ransomware, state-backed disinformation naughtiness, and other forms of infosec-driven attacks, but can only sort it out with the help of private enterprise because the government can’t address security alone.
“The reality is, most of our critical infrastructure is owned and operated by the private sector,” Biden said as the event convened. “So I’ve invited you all here today because you have the power, the capacity, and the responsibility, I believe, to raise the bar on cyber security.”
The event saw more than 30 bigwigs from big tech, academia, finance, insurance, and the education sector talk about how to improve security. At one point attendees broke into three working groups – one on critical infrastructure resilience, another on building enduring cyber security, and a third on the cyber security workforce.
Just what went on inside the room was not revealed, but after the event a statement listed pledges by attendees.
Among them was a post from IBM CEO Arvind Krishna on LinkedIn titled “The Time To Prioritize Cybersecurity Is Now”. His plan is to release a product called “IBM Safeguarded Copy” that he said is “a new data storage solution that can shorten the time it takes for organizations to recover from days to hours.”
A spot of web searching revealed it’s actually a new capability of Big Blue’s existing IBM Copy Services Manager products. Only it will work on DS8000 storage systems, and involves the not-very-new technique of “many frequent copies of a production environment (for example, hourly copies maintained for a number of days)”.
So basically defending American industry from ransomware with frequent snapshots. Which American industry can already do today with tech from other storage vendors, or cloud services.
Amazon Web Services. contribution is a little more substantial. The company pledged to share the anti-social-engineering courseware it uses on its own people with the world, and to hand out free multi-factor authentication tokens with an unspecified group of qualified” account holders.
Apple also promised to step up on authentication, with “a new program to drive continuous security improvements throughout the technology supply chain” that will see it “drive the mass adoption of multi-factor authentication, security training, vulnerability remediation, event logging, and incident response” among its suppliers.
Microsoft CEO Satya Nadella tweeted the following vague commitment – and The Register cannot find anything to suggest the figures mentioned have increased by a cent over past commitments:
Thank you @POTUS for convening a critical conversation on cybersecurity. Microsoft will invest $20 billion to advance our security solutions over the next 5 years, $150 million to help US government agencies upgrade protections, and expand our cybersecurity training partnerships.
— Satya Nadella (@satyanadella) August 25, 2021
Google pledged to “invest $10 billion over the next five years to strengthen cyber security, including expanding zero-trust programs, helping secure the software supply chain, and enhancing open-source security”. The digital advertising giant also promised to “train 100,000 Americans in fields like IT Support and Data Analytics, learning in-demand skills including data privacy and security”. No details on how those people will be recruited were offered, nor was the level of education discussed.
Code.org also promised to train more people, insurer Resilience set the security bar higher for would-be buyers of its cyber policies, and Girls Who Code announced it will “establish a micro credentialing program for historically excluded groups in technology”.
Dates for this stuff to happen were scarce, but the President came out of the event with evidence that private enterprise is helping. That at least was a better look than at the start of the event, when one of the reporters who was there to witness Biden’s opening remarks asked a question about one of the USA’s other big recent drives to ensure national security – the failed war in Afghanistan – and the Commander-In-Chief declined to answer. ®