Microsoft Pledges $20B Cybersecurity Investment After White House Talk
Big tech companies pledged money and efforts following an Aug. 25 Biden administration meeting on U.S. cybersecurity initiatives, as described in this White House announcement.
The pledges were an extension of the Biden administration's May executive order aiming to muster cybersecurity efforts following the SolarWinds supply-chain attack, "Hafnium" advanced persistent threat group attacks on Exchange Server, plus the ransomware attack on Colonial Pipeline's IT operations.
In July, the Biden administration announced further actions to protect critical U.S. infrastructure, much of which is voluntary for infrastructure owners and operators. That announcement acknowledged that critical U.S. infrastructure "is largely owned and operated by the private sector."
Following the Aug. 25 White House meeting, Microsoft pledged to "invest $20 billion over the next 5 years" on its cybersecurity efforts. The company also presently is offering "$150 million in technical services to help federal, state, and local governments with upgrading security protection." Microsoft is partnering with colleges and nonprofits, too, on cybersecurity training.
Satya Nadella, Microsoft's CEO, affirmed the $20 billion figure in low-key LinkedIn and Twitter posts.
In 2018, Microsoft had made a big splash in announcing a $5 billion investment in Internet of Things security, but this announcement was more toned-down. Microsoft did use the occasion, though, to tout its Azure security products for federal agencies, suggesting they could meet White House executive order requirements.
Other company pledges announced at the meeting included:
- Google's $10 billion investment over five years to "expand zero-trust programs, help secure the software supply chain, and enhance open-source security," while also offering digital skills certifications.
- IBM promising cybersecurity training to 150,000 people over the next three years in partnership with Black colleges and universities.
- Apple establishing continuous security improvements for the technology supply chain, working with its suppliers to adopt "multi-factor authentication, security training, vulnerability remediation, event logging, and incident response."
- Amazon promising to go public with its security awareness training used by employees, plus offering "a multi-factor authentication device" to Amazon Web Services customers at no added cost.
The announcement also listed pledges from insurance companies and educational institutions.
In addition, the National Institute of Standards and Technology (NIST) pledged to collaborate with industry on securing the technology supply chain and building secure software, including open source software.
Kurt Mackie is senior news producer for 1105 Media's Converge360 group.