Tech Companies Pledge Billions in Cybersecurity Investments

Some of the country’s leading technology companies have committed to investing billions of dollars to strengthen cybersecurity defenses and to train skilled workers, the White House announced Wednesday following President Joe Biden’s private meeting with top executives.

The gathering was held during a relentless stretch of ransomware attacks that have targeted critical infrastructure, in some cases with the attackers extorting multimillion-dollar payments from major corporations, as well as other illicit cyber operations that U.S. authorities have linked to foreign hackers.

The Biden administration has been urging the private sector to do its part to strengthen cybersecurity defenses against those increasingly sophisticated attacks. In public remarks before the private meeting got underway, Biden referred to cybersecurity as a “core national security challenge” for the U.S.

“The reality is most of our critical infrastructure is owned and operated by the private sector, and the federal government can’t meet this challenge alone,” Biden said. “I’ve invited you all here today because you have the power, the capacity and the responsibility, I believe, to raise the bar on cybersecurity.”

After the meeting, the White House announced that Google had committed to invest $10 billion in cybersecurity over the next five years, money aimed at helping secure the software supply chain and expand zero-trust programs. The Biden administration has looked for ways to safeguard the government’s supply chain following a massive Russian government cyberespionage campaign that exploited vulnerabilities and gave hackers access to the networks of U.S. government agencies and private companies.

Microsoft, meanwhile, said it would invest $20 billion in cybersecurity over the next five years and make available $150 million in technical services to help local governments improve their defenses. IBM plans to train 150,000 people in cybersecurity over three years, and Apple said it would develop a new program to help strengthen the supply chain.

Top executives of each of those companies were invited to Wednesday’s meeting, as were financial industry executives and representatives from the energy, education and insurance sectors. A government initiative that at first supported the cybersecurity defenses of electric utilities has been expanded to focus on natural gas pipelines, the White House said Wednesday.

Though ransomware was intended as one focus of Wednesday’s gathering, a senior administration official who briefed reporters in advance said the purpose was much broader, centered on identifying the “root causes of malicious cyber activities” and ways in which the private sector can help bolster cybersecurity. The official briefed reporters on the condition of anonymity.

The meeting took place as Biden’s national security team has been consumed by the troop withdrawal in Afghanistan and the chaotic evacuation of Americans and Afghan citizens. That it remained on the calendar indicates the administration regards cybersecurity as a major agenda item, with the administration official describing Wednesday’s meeting as a “call to action.”

The broad cross-section of participants underscores how cyber attacks have cut across virtually all sectors of commerce. In May, for instance, hackers associated with a Russia-based cyber gang launched a ransomware attack on a major fuel pipeline in the U.S., causing the company to temporarily halt operations. Weeks later, the world’s largest meat processor, JBS SA, was hit with an attack by a different hacking group.

In both instances, the companies made multimillion-dollar ransom payments in an effort to get back online.

Biden on Wednesday pointed to a summit with Russian President Vladimir Putin in June when he said he made clear his expectation that Russia take steps to rein in ransomware gangs because “they know where they are and who they are.”