As I mentioned at the close of the show yesterday, the White House hosted a meeting of top tech leaders to discuss US cyber defenses. Here are some of those outcomes, quoting generously from TechRepublic.
- NIST will work with businesses to improve the security of the technology supply chain, with a goal of teaching organizations how to create more secure technologies.
- The Industrial Control Systems Cybersecurity Initiative will expand to a second major sector – natural gas pipelines. The first was electric utilities.
- Apple is working with its suppliers in the US to push mass adoption of multifactor authentication, security training, vulnerability remediation, event logging and incident response.
- Google will invest $10 billion over the next five years to expand zero-trust technology, better secure the software supply chain, and enhance security for open source technologies.
- IBM plans to train 150,000 people in cybersecurity skills over the next three years and team up with 20 Historically Black Colleges and Universities to set up Cybersecurity Leadership Centers.
- Microsoft revealed an investment of $20 billion over the next five years to push efforts to integrate security by design in technology products. The company also said it would immediately devote $150 million to help federal, state and local governments upgrade their security defenses and would partner with community colleges and nonprofit organizations on cybersecurity training.
- Amazon said it would offer the same security awareness training to the public that it already offers to its own employees. The company added that it would provide all Amazon Web Services customers with a multifactor authentication device at no additional cost.
- Cyber insurance providers also plan to do their part to push security among their customers. Resilience said it would require policy holders to meet a certain level of cybersecurity best practices before receiving insurance coverage. Coalition announced that it would freely offer its cybersecurity risk assessment and continuous monitoring platform to any organization.
Why do we care?
Let’s start with the last item. Analysts cited the inclusion of insurance companies, and I will too. That’s a big deal. Insurance requirements are a kind of indirect regulation, and an obvious way to impose standards. Expect to see a lot more here.
None of these announcements are spontaneous – no organization of the size of those in this room makes this up as it goes along, so it’s clear this was planned and coordinated. That isn’t a bad thing. Rules will begin to set the standards, and coordination among all parties will be required.
This list contains both resources for providers – like Amazon’s training and NIST’s guidance – and ideas for offerings. These moves can be replicated at a smaller scale for clients.