After White House Tech Summit, Apple Pledges to Develop Program to Improve Supply Chain Security

Leaders of major tech companies met with US president Joe Biden at the White House yesterday to discuss cybersecurity threats and pledged to invest in the sector.

The White House said the meeting was “to discuss opportunities to bolster the nation’s cybersecurity in partnership and individually.” In attendance were leaders from Apple, Microsoft, Google, IBM, and Amazon, among others.

“Most of our critical infrastructure is owned and operated by the private sector, and the federal government can’t meet this challenge alone,” US President Joe Biden told the group. “You have the power, the capacity and the responsibility, I believe, to raise the bar on cybersecurity.”

Here’s what the tech companies in attendance promised:

• Apple: Working with suppliers “to drive the mass adoption of multi-factor authentication, security training, vulnerability remediation, event logging, and incident response,” according to the White House. The commitment includes working with its suppliers, including more than 9,000 in the US, to drive the mass adoption of multi-factor authentication, security training, vulnerability remediation, event logging, and incident response.
• Microsoft: $20 billion USD over the next five years to integrate cybersecurity into its products and services — a fourfold increase from the annual $1 billion it pledged several years ago. It will also commit $150 million to help governments at all levels upgrade their protections.
• Google: $100 million USD for outside foundations that work to fix security vulnerabilities and a promise to help 100,000 people in the U.S. earn Google certificates in “in-demand skills including data privacy and security.”
• IBM: Training 150,000 people in cybersecurity skills over the next three years as well as other commitments, such as continuing its research into how to preserve encryption that may become threatened by quantum computing.
• Amazon: Making its “digestible and succinct curriculum” for employees on cybersecurity free “to both organizations and individuals,” and offering a multifactor authentication device on the house to “qualified AWS account holders.”

President Biden issued a cybersecurity executive order in early May, requiring federal agencies to modernize their cyber defenses.

The Biden Administration earlier this year also launched a 100-day initiative to improve cybersecurity across the electric sector. On Wednesday, the administration announced the initiative has improved the cybersecurity posture of more than 150 electric utilities and would now expand to natural gas pipelines.

The meeting comes in the wake of a series of dramatic cybersecurity incidents, including the Colonial Pipeline ransomware attack that shut down gas and oil deliveries throughout the southeast US, the SolarWinds software supply chain attack, and an extensive hack on Microsoft Exchange servers.