US President Joe Biden has staged a cyber security summit at the White House, and it's produced quick results in the form of big tech making vague promises about stuff they think will improve the nation's security.
The premise of the event was Biden's belief that America can't go on being hurt by ransomware, state-backed disinformation naughtiness, and other forms of infosec-driven attacks, but as government can't address security alone, private enterprise must weigh in with its own efforts.
"The reality is, most of our critical infrastructure is owned and operated by the private sector," Biden said as the event convened. "So I've invited you all here today because you have the power, the capacity, and the responsibility, I believe, to raise the bar on cyber security."
The event saw more than 30 bigwigs from big tech, academia, finance, insurance, and the education sector talk about how to improve security. At one point attendees broke into three working groups – one on critical infrastructure resilience, another on building enduring cyber security, and a third on the cyber security workforce.
Just what went on inside the room was not revealed, but after the event a statement listed pledges by attendees.
IBM's promises were detailed by CEO Arvind Krishna on LinkedIn in a missive titled "The Time To Prioritize Cybersecurity Is Now". One element of that plan is to release a product called "IBM Safeguarded Copy" that he said is "a new data storage solution that can shorten the time it takes for organizations to recover from days to hours."
A spot of web searching revealed it's actually a new capability of Big Blue's existing IBM Copy Services Manager products. It will only work on IBM's DS8000 storage systems, and involves the not-very-new technique of creating "many frequent copies of a production environment (for example, hourly copies maintained for a number of days)" so that in the event of an attack, restoration comes from a recently-retained copy of corporate data.
So basically defending American industry from ransomware with frequent snapshots. Which American industry can already do today with tech from other storage vendors, or cloud services.
Amazon Web Services' contribution was a little more substantial. The company pledged to share the anti-social-engineering courseware it uses on its own people with the world, and to hand out free multi-factor authentication tokens to an unspecified group of "qualified" account holders.
Apple also promised to step up on authentication, with "a new program to drive continuous security improvements throughout the technology supply chain" that will see it "drive the mass adoption of multi-factor authentication, security training, vulnerability remediation, event logging, and incident response" among its suppliers.
Microsoft CEO Satya Nadella tweeted the following vague commitment – and The Register cannot find anything to suggest the figures mentioned have increased by a cent over past commitments:
Thank you @POTUS for convening a critical conversation on cybersecurity. Microsoft will invest $20 billion to advance our security solutions over the next 5 years, $150 million to help US government agencies upgrade protections, and expand our cybersecurity training partnerships. — Satya Nadella (@satyanadella) August 25, 2021
Google pledged to "invest $10 billion over the next five years to strengthen cyber security, including expanding zero-trust programs, helping secure the software supply chain, and enhancing open-source security". The digital advertising giant also promised to "train 100,000 Americans in fields like IT Support and Data Analytics, learning in-demand skills including data privacy and security". No details on how those people will be recruited were offered, nor was the level of education discussed.
Code.org also promised to train more people, insurer Resilience set the security bar higher for would-be buyers of its cyber policies, and Girls Who Code announced it will "establish a micro credentialing program for historically excluded groups in technology".
Dates for this stuff to happen were scarce, but the President came out of the event with evidence that private enterprise is doing stuff. That at least was a better look than at the start of the event, when one of the reporters who was there to witness Biden's opening remarks asked a question about one of the USA's other big recent drives to ensure national security – the failed war in Afghanistan – and the Commander-In-Chief declined to answer. ®