Deputy national security adviser details the 'core question we have for tech companies'

After a series of high-profile cyberattacks in recent months, the Biden administration is taking steps to create a public-private partnership that it hopes will provide a bulwark against future hacks against government entities and private businesses.

“The core question we have for tech companies is ‘How do you bake security in?’” Deputy National Security Adviser for Cyber & Emerging Tech Anne Neuberger told Yahoo Finance Live this week.

“Our goal with the tech companies is to say, ‘How do we build more secure software and hardware across the sector?’ ” she added.

Neuberger’s comments come as the Biden administration copes with the fallout from cyberattacks on both the government and critical infrastructure companies. Those attacks include a 2020 Russian hack of the Treasury Department and Pentagon, and a ransomware attack on the Colonial Pipeline that cut off nearly 50% of fuel capacity to the East Coast in April.

On Wednesday, the CEOs of some of the nation’s largest tech companies, including Apple’s (AAPL) Tim Cook, Microsoft’s (MSFT) Satya Nadella, Google’s (GOOG, GOOGL) Sundar Pichai, and Amazon’s (AMZN) Andy Jassy, met with members of the Biden administration to determine how the tech industry can help address cybersecurity shortfalls at the government level and throughout the private sector.

Following the meeting, the companies announced a number of initiatives designed to assist government and private cybersecurity efforts.

President Joe Biden speaks during a meeting about cybersecurity, in the East Room of the White House, Wednesday, Aug. 25, 2021, in Washington. (AP Photo/Evan Vucci)

Microsoft announced it will spend $20 billion over the next 5 years to boost its cybersecurity capabilities, and will provide $150 million in services to federal, state, and local governments to improve their cyber defenses.

Amazon said that it will make the cybersecurity training materials it developed to keep its employees and sensitive information safe from cyberattacks available to the public. It will also provide qualified AWS customers with a free multi-factor authentication device to help protect them from cyberattacks.

Google revealed it will invest $10 billion over the next five years to expand its zero-trust programs to help secure the software supply chain and enhance open-source security.

Apple, meanwhile, said it will create a new program to build out security improvements for the technology supply chain by working with its suppliers to ensure they use multi-factor authentication, have security training, and understand vulnerability remediation, event logging, and incident response.

While the efforts by the tech companies will provide at least some benefit, they only go so far. The larger issue is that while the Biden administration can create mandates for government computer systems and contractors that work with the government, it can’t dictate security measures for private entities outside of critical infrastructure.

“The U.S. government...doesn’t have the authority to mandate security practices for U.S. companies, full stop,” Neuberger explained.

But, she added, the government hopes to incentivize companies to build up their cybersecurity capabilities by working with insurance companies. The idea is for insurance companies to require companies to have appropriate cybersecurity protections in place to receive any payments related to a cyberattack.

“If you could only get an insurance policy if you’ve put certain cybersecurity practices into place, and if after an incident, before you could get a payout, you had to show, for example, that you [installed] critical patches within a very quick time period of the incident, perhaps that’s a way to incentivize that,” Neuberger explained.

Still, if the government and private sector can’t find a way to follow the best cybersecurity practices at all times, there’s no doubt they’ll be the victims of future attacks.


Got a tip? Email Daniel Howley at [email protected] or via encrypted mail at [email protected], and follow him on Twitter at @DanielHowley.
