Biden Administration, private tech companies reveal initiatives to boost national cybersecurity...

Shawn Knight

Posts: 13,626   +139
Staff member
In brief: President Biden this week met with private sector and educational leaders to discuss opportunities to bolster the nation’s cybersecurity following a string of nasty cyberattacks including the Colonial Pipeline ransomware attack and the SolarWinds hack. With any luck, renewed efforts will also help to fill the nearly 500,000 open public and private cybersecurity jobs.

As rumored, representatives for some of the nation’s top tech companies were in attendance, and it sounds as if it was a relatively productive meeting.

The National Institute of Standards and Technology (NIST) will work with industry partners including Google, Microsoft, IBM, Travelers and Coalition to create a new framework that improves the security and integrity of the technology supply chain. Hopefully, their work will serve as a guideline to public and private entities on how to assess and build secure technology.

Google plans to invest $10 billion over the next half decade to enhance open-source security, expand zero-trust programs and help secure the software supply chain. The search giant will additionally help 100,000 Americans earn technical certificates that can lead to high-quality, high-growth jobs.

Microsoft said it will invest $20 billion over the next five years to accelerate efforts to “integrate cyber security by design” and deliver advanced security solutions to customers. The Redmond-based tech giant will also immediately make available $150 million in technical services to help local, state and federal governments upgrade their security measures, in addition to expanding partnerships with non-profits and community colleges for cybersecurity training.

Amazon, meanwhile, vowed to make the security awareness training used by its employees available to the public for free. Furthermore, the e-commerce titan will supply Amazon Web Services account holders a multi-factor authentication device free of charge.

IBM plans to train 150,000 people in the field of cybersecurity over the next three years. Furthermore, the tech company will partner with more than 20 historically black colleges and universities to establish cybersecurity leadership centers in hopes of growing a more diverse workforce.

Apple said it will create a new program designed to seed continuous security improvements throughout the tech supply chain. The company’s plan includes pushing for mass adoption of multi-factor authentication and bolstering areas like vulnerability remediation, incident response, event logging and security training.

Resilience, Coalition, Code.org, Girls Who Code and the University of Texas System also made pledges to the industry, but for the sake of brevity, we’ll leave those details over in the White House press release for anyone that wants to learn more about them.

The Biden Administration also formally expanded the Industrial Control Systems Cybersecurity Initiative to include natural gas pipelines. According to the White House, this initiative has already succeeded in improving the cybersecurity of more than 150 electric utilities across the country that collectively serve some 90 million Americans.


 

Uncle Al

Posts: 8,369   +7,177
So what ever happened to that "new & improved internet" that was all the rage a few years back? Did it become so profitable for security companies that they paid for it to stop? I even recall discussions about how they could make the internet hack-proof. Now there's something worthy of an in-depth investigation .....
 

Danny101

Posts: 1,952   +818
No matter how secure the infrastructure is, introducing backdoors for law enforcement purposes still won't ever work. Law enforcement will have to stop being lazy and do actual investigations.
 

wiyosaya

Posts: 6,766   +5,210
It would be nice. Trump failed and now Biden is failing, so something that works would be nice.
Well, I hate to say this and I am sure that I will be immolated for it by those who disagree, but in Biden's defense, especially with Afghanistan, he is cleaning up Trump's nuclear dumpster fire. Or perhaps it is W's nuclear dumpster fire?

IMO, in the same circumstances, no president would be able to pour enough nuclear moderator onto the dumpster fire to make it look like he is doing a good job, and at least one of the past presidents would be spinning the bad job into a great job that could be done no better. At least Biden is owning it whereas others are just pointing to Biden perhaps to avoid their own culpability. - IMO, it's massive whataboutism.

Back on topic, even if this does not ultimately prove to work, it is an opportunity to learn.
 

wiyosaya

Posts: 6,766   +5,210
So what ever happened to that "new & improved internet" that was all the rage a few years back? Did it become so profitable for security companies that they paid for it to stop? I even recall discussions about how they could make the internet hack-proof. Now there's something worthy of an in-depth investigation .....
That would be IPv6, and having looked at what can be done in terms of connectivity, I won't run it on my network.
 

wiyosaya

Posts: 6,766   +5,210
No matter how secure the infrastructure is, introducing backdoors for law enforcement purposes still won't ever work. Law enforcement will have to stop being lazy and do actual investigations.
Personally, I don't see anything in the article that suggests a back door approach.
 

wiyosaya

Posts: 6,766   +5,210
IMO, it seems like many problems these days are as a result of "social phishing." People need to be educated on that kind of tactic. Until that problem is better addressed, attacks will continue at their current rate, IMO.
 

Danny101

Posts: 1,952   +818
IMO, it seems like many problems these days are as a result of "social phishing." People need to be educated on that kind of tactic. Until that problem is better addressed, attacks will continue at their current rate, IMO.
Maybe any new message from an unknown sender could have a dialog box explaining the risks with a "Do not see again" check box for that sender. Helps to slow the roll and to remind people of the dangers. As far as backdoors, I'm referring to law enforcement requesting backdoor-like access measures.
 

scavengerspc

Posts: 1,741   +1,792
TechSpot Elite
This is obviously an important topic, but it is one that I know very little about.
At the same time, I love to talk when I can, so:

 

wiyosaya

Posts: 6,766   +5,210
Maybe any new message from an unknown sender could have a dialog box explaining the risks with a "Do not see again" check box for that sender. Helps to slow the roll and to remind people of the dangers. As far as backdoors, I'm referring to law enforcement requesting backdoor-like access measures.
The company I work for has a mail service that is external to the company. In addition to screening messages for spam, they also insert the following message into external e-mails:

ATTENTION: This email came from an external source. Do not open attachments or click on links from unknown senders or unexpected emails.

Still, I had one e-mail recently that came from what I suspect was a compromised e-mail account from one of our customers. It wanted me to click on the link to authorize something, and I simply replied and said, "Sorry, but I do not have that authority" without clicking on the link. The person then replied and said, "Yes, but click on the link." :rolleyes: If they were legitimate, they would have said something like - "Oh, I sent it to you by mistake, and I should have sent it to so-and-so instead."

Long story short, nothing happened because I did not click on the link.

That said, it was an unexpected message, and the message inserted in the e-mail by the external mail provider does say to watch out for unexpected e-mails.

As I see it, there can only be so much id!ot proofing before an id!ot comes along and "proves" it.

So, I don't know. However, I do think direct training, if necessary, might go a long way to training the inexperienced. To me, though, it seemed obvious that clicking on the link for what the e-mail wanted me to approve was beyond my authority, so there was no way that I was clicking on the link - no matter what the e-mail writer said.
This is obviously an important topic, but it is one that I know very little about.
At the same time, I love to talk when I can, so:

🤣