来源 | 继民财经汇
拜登政府网安计划曝光,科技巨头纷纷布局(全文)
(中文翻译仅供参考,英文原文为准)
FACT SHEET: Biden Administration and Private Sector Leaders Announce Ambitious Initiatives to Bolster the Nation’s Cybersecurity
AUGUST 25, 2021
•
STATEMENTS AND RELEASES
今天,拜登总统会见了私营部门和教育部门的领导人,讨论了应对网络安全威胁所需的全国性努力。最近引人注目的网络安全事件表明,美国公共和私营部门实体越来越多地面临复杂的恶意网络活动。网络安全威胁和事件影响着各种规模的企业、遍布全国各个角落的小城镇和城市,以及中产阶级家庭的钱袋子。使这一挑战更加严峻的是,近 50 万公共和私营的网络安全工作仍然空缺。
网络安全是拜登政府的国家安全和经济安全要务,我们正前所未有地优先考虑和提升网络安全。2021 年 5 月 12 日,拜登总统发布了一项行政命令,该命令旨在使联邦政府的防御系统现代化,并提高技术的安全性。为了保护我们的关键基础设施,今年春天,拜登政府启动了一项为期 100 天的倡议,以改善整个电力部门的网络安全,其他国家也将效仿。7 月 28 日,总统发布了一份国家安全备忘录,建立了自愿网络安全目标,明确概述了我们对关键基础设施所有者和运营者的期望。行政当局还与私营部门接触,强调必须优先重视网络安全,将其作为维持业务连续性工作的核心部分。在国际上,拜登政府召集七国集团成员国,追究藏匿勒索软件罪犯的国家的责任,并在七年来首次更新北约网络政策。
今天会议的目的是讨论通过合作和个人合作加强国家网络安全的机会。若干与会者宣布了以下承诺和倡议:
拜登政府宣布,美国国家标准与技术研究所( NIST )将与行业和其他合作伙伴合作,开发一个新的框架,以提高技术供应链的安全性和完整性。该方法将作为公共和私营实体如何建立安全技术和评估包括开放源码软件在内的技术安全性的指南。微软、谷歌、 IBM 、 Travelers 和 Coalition 都致力于参与这一 NIST 主导的倡议。
拜登政府还宣布将工业控制系统网络安全倡议正式扩展到第二个主要部门:天然气管道。该计划已经改善了为 9千万美国人服务的 150 多家电力公司的网络安全。
苹果宣布将建立一个新的项目,推动整个技术供应链的持续安全改进。作为该计划的一部分,苹果将与其供应商(包括美国的 9000 多家供应商)合作,推动多因素身份验证、安全培训、漏洞修复、事件日志和事件响应的大规模采用。
谷歌宣布将在未来五年投资 100 亿美元,以扩大零信任计划,帮助确保软件供应链的安全,并加强开源安全。谷歌还宣布,将帮助 10 万名美国人获得行业认可的数字技能证书,这些证书提供的知识可以带来安全的高薪、高增长的工作。
IBM 宣布将在未来三年内培训 15 万人的网络安全技能,并将与 20 多所历史悠久的黑人学院和大学合作建立网络安全领导中心,以培养更加多样化的网络劳动力。
微软宣布将在未来 5 年内投资 200 亿美元,以加快通过设计整合网络安全的努力,并提供先进的安全解决方案。微软还宣布将立即提供 1500 亿美元的技术服务,帮助联邦、州和地方政府升级安全保护,并将扩大与社区学院和非营利组织的网络安全培训合作。
亚马逊宣布将向公众免费提供其员工的安全意识培训。亚马逊还宣布,将向所有亚马逊网络服务账户持有人免费提供一种多因素认证设备,以防止网络钓鱼和密码盗窃等网络安全威胁。
网络保险提供商 Resilience 宣布,将要求投保人满足网络安全最佳实践的门槛,作为获得保险的一个条件。
网络保险提供商 Coalition 宣布,将向任何组织免费提供其网络安全风险评估和持续监测平台。
Code . org 宣布,它将在 3 年内向超过 35000 个教室的 3000000 名学生教授网络安全概念,教不同人群的学生如何保持安全的在线,并建立对网络安全作为一个潜在职业的兴趣。
girls who code 宣布,它将建立一个微型认证计划,历史上被排斥的群体在技术。该计划将使奖学金和早期职业机会更容易获得代表不足的群体。
德州大学系统宣布,将在网络相关领域扩大现有和开发新的短期证书,以加强美国的网络安全劳动力。这项努力的一个主要部分将是通过提供入门级的网络教育计划,通过 UT 圣安东尼奥的网络安全制造创新研究所,提高全国超过 1000000 名工人的技能和再培训。证书不依赖于传统的学位途径,也应该大大有助于管道的多样化。
Whatcom 社区学院宣布已被指定为新的 NSF 先进技术教育国家网络安全中心,并将为教师提供网络安全教育和培训,并支持学院为学生从大学到职业“快速通道”的项目开发。社区学院的性质分散在每个社区在国家使他们成为一个理想的管道,增加多样性和网络安全劳动力的包容性。
Today, President Biden met with private sector and education leaders to discuss the whole-of-nation effort needed to address cybersecurity threats. Recent high-profile cybersecurity incidents demonstrate that both U.S. public and private sector entities increasingly face sophisticated malicious cyber activity. Cybersecurity threats and incidents affect businesses of all sizes, small towns and cities in every corner of the country, and the pocketbooks of middle-class families. Compounding the challenge, nearly half a million public and private cybersecurity jobs remain unfilled.
Cybersecurity is a national security and economic security imperative for the Biden Administration and we are prioritizing and elevating cybersecurity like never before. On May 12, 2021, President Biden issued an Executive Order that modernizes Federal Government defenses and improves the security of technology. To secure our critical infrastructure, this spring the Biden Administration launched a 100-day initiative to improve cybersecurity across the electric sector with others to follow. On July 28, the President issued a National Security Memorandum establishing voluntary cybersecurity goals that clearly outline our expectations for owners and operators of critical infrastructure. The Administration has also engaged with the private sector on the importance of prioritizing cybersecurity as a central part of their efforts to maintain business continuity. And internationally, the Biden Administration has rallied G7 countries to hold accountable nations who harbor ransomware criminals and to update NATO cyber policy for the first time in seven years.
The purpose of today’s meeting was to discuss opportunities to bolster the nation’s cybersecurity in partnership and individually. Several participants announced commitments and initiatives including:
-
The Biden Administration announced that the National Institute of Standards and Technology (NIST) will collaborate with industry and other partners to develop a new framework to improve the security and integrity of the technology supply chain. The approach will serve as a guideline to public and private entities on how to build secure technology and assess the security of technology, including open source software. Microsoft, Google, IBM, Travelers, and Coalition committed to participating in this NIST-led initiative.
-
The Biden Administration also announced the formal expansion of the Industrial Control Systems Cybersecurity Initiative to a second major sector: natural gas pipelines. The Initiative has already improved the cybersecurity of more than 150 electric utilities that serve 90 million Americans.
-
Apple announced it will establish a new program to drive continuous security improvements throughout the technology supply chain. As part of that program, Apple will work with its suppliers — including more than 9,000 in the United States— to drive the mass adoption of multi-factor authentication, security training, vulnerability remediation, event logging, and incident response.
-
Google announced it will invest $10 billion over the next five years to expand zero-trust programs, help secure the software supply chain, and enhance open-source security. Google also announced it will help 100,000 Americans earn industry-recognized digital skills certificates that provide the knowledge that can lead to secure high-paying, high-growth jobs.
-
IBM announced it will train 150,000 people in cybersecurity skills over the next three years, and will partner with more than 20 Historically Black Colleges & Universities to establish Cybersecurity Leadership Centers to grow a more diverse cyber workforce.
-
Microsoft announced it will invest $20 billion over the next 5 years to accelerate efforts to integrate cyber security by design and deliver advanced security solutions. Microsoft also announced it will immediately make available $150 million in technical services to help federal, state, and local governments with upgrading security protection, and will expand partnerships with community colleges and non-profits for cybersecurity training.
-
Amazon announced it will make available to the public at no charge the security awareness training it offers its employees. Amazon also announced it will make available to all Amazon Web Services account holders at no additional cost, a multi-factor authentication device to protect against cybersecurity threats like phishing and password theft.
-
Resilience, a cyber insurance provider, announced it will require policy holders to meet a threshold of cybersecurity best practice as a condition of receiving coverage.
-
Coalition, a cyber insurance provider, announced it will make its cybersecurity risk assessment & continuous monitoring platform available for free to any organization.
-
Code.org announced it will teach cybersecurity concepts to over 3 million students across 35,000 classrooms over 3 years, to teach a diverse population of students how to stay safe online, and to build interest in cybersecurity as a potential career.
-
Girls Who Code announced it will establish a micro credentialing program for historically excluded groups in technology. The program will make scholarships and early career opportunities more accessible to underrepresented groups.
-
University of Texas System announced it will expand existing and develop new short-term credentials in cyber-related fields to strengthen America’s cybersecurity workforce. A major part of this effort will be to upskill and reskill over 1 million workers across the nation by making available entry-level cyber educational programs through UT San Antonio’s Cybersecurity Manufacturing Innovation Institute. Credentials do not depend on traditional degree pathways, and should also contribute significantly to diversifying the pipeline.
-
Whatcom Community College announced it has been designated the new NSF Advanced Technological Education National Cybersecurity Center, and will provide cybersecurity education and training to faculty and support program development for colleges to “fast-track” students from college to career. The nature of community colleges dispersed in every community in the nation makes them an ideal pipeline for increasing diversity and inclusion in the cybersecurity workforce.
Remarks by President Biden on Collectively Improving the Nation’s Cybersecurity
AUGUST 25, 2021
•
SPEECHES AND REMARKS
East Room
总统:嗯,谢谢大家在这里讨论我们面临的核心国家安全挑战,美国人民正面临着,我们的经济正面临着网络安全。
我们一次又一次地看到我们赖以依靠的技术——从手机到管道,到电网——如何成为黑客和罪犯的目标。
与此同时,我们熟练的网络安全员工队伍增长速度不够快,无法跟上时代的步伐。我们大约是你们许多人给我们的估计,我们的结论是——大约50万个网络安全工作仍然空缺。
这是一个挑战,但它也是一个真正的机会。我从一开始就把这作为我的政府的首要任务。
今年5月,我发布了一项行政命令,要求我们实现防御现代化,并改善联邦政府的网络安全。由于这项命令,政府只会购买符合某些网络安全标准的技术产品,我们认为,这将在整个软件行业产生连锁反应,最终改善所有美国人的安全。
我们发起了一项为期 100 天的计划,旨在改善整个电力行业的网络安全状况。这一举措已经导致超过150个公用事业公司,为9000万美国人服务。我们承诺部署网络安全技术, 这些技术正在扩展这一举措, 以及天然气管道。这就是我们要去的地方。
由于网络安全是一个全球性问题,我们还召集了七国集团国家,要求窝藏勒索软件罪犯的国家承担责任。
我可以补充一点,我和弗拉基米尔·普京进行了一次峰会,向他表明,我们期望他也追究他们的责任,因为他们知道他们在哪里,他们是谁。但这是另一个问题,我们今天不会讨论这么多。
我们七年来首次更新了北约的网络政策。今天,我的团队将主办一次会议,召集30个国家中的30个国家,加强打击勒索软件的斗争。
但现实情况是,我们拥有和运营的大部分关键基础设施都由私营部门拥有和运营,联邦政府无法单独应对这一挑战。
因此,我今天邀请你们来到这里,因为我相信你们有能力、有能力和责任提高网络安全标准。
因此,最终,我们还有很多工作要做。 非常感谢大家。感谢媒体来到这里。我们现在要私营部门参与了
问:总统先生,如果美国人在最后期限过后还在阿富汗,你会怎么做?先生,如果美国人在最后期限之后还在那里,你会怎么做?不?好。
总统:你会是我第一个打电话的人。
问:请打电话给他们。
THE PRESIDENT: Well, thank you all for being here to discuss the core national security challenge we’re facing, the American people are facing, and — and our economy is facing with cybersecurity.
We’ve seen time and again how the technologies we rely on — from our cell phones to pipelines, to the electric grid — can become targets of ha- — hackers and criminals.
At the same time, our skilled cybersecurity workforce has not grown fast enough to keep pace. We’re about — the estimates many of you have given us and we’ve concluded are — on our own — about a half a million cybersecurity jobs remain unfilled.
That’s a challenge, but it also is a real opportunity. And I’ve made it — this a priority for my administration from the outset.
And in May, I issued an executive order to modernize our defenses and improve our federal government’s cybersecurity. Because of that order, government will only buy tech products that meet certain cybersecurity standards, which will have a ripple effect across the software industry, in our view, ultimately improving security for all Americans.
We’ve launched a 100-day initiative to improve cybersecurity across the electric sector. That initiative has already resulted in more than 150 utilities that serve 90 million Americans being deployed. And we’re committing to deploy cybersecurity technologies that are — that are extending that initiative as — to gas pipelines as well, next. That’s where we’re going.
And because cybersecurity is a global issue, we’ve also rallied G7 countries to hold nations who harbor ransomware criminals accountable.
And, I might add, I had a — a summit with Vladimir Putin and made it clear to him that we expected him to hold them accountable as well, because they know where they are and who they are. But that’s another issue we will not be discussing so much today.
We updated NATO cyber policy for the first time in seven years. And today, my team is hosting a meeting, bringing together 30 of the nations — 30 nations to step up in their fight against ransomware.
But the reality is, most of our critical infrastructure owned and operated — is owned and operated by the private sector, and the federal government can’t meet this challenge alone.
So I’ve invited you all here today because you have the power, the capacity, and the responsibility, I believe, to raise the bar on cybersecurity.
And so, ultimately, we got a lot of work to do. And thank you all very much. And thank the press for being here. We’re going to go private now.
Q Mr. President, if Americans are still in Afghanistan after the deadline, what will you do? Sir, what will you do if Americans are still there after the deadline? No? Okay.
THE PRESIDENT: You’ll be the first person I’ll call.
Q Please call them.
2:14 P.M. EDT
版权声明:所有瑞恩资本Ryanben Capital的原创文章,转载须联系授权,并在文首/文末注明来源、作者、微信ID,否则瑞恩将向其追究法律责任。部分文章推送时未能与原作者或公众号平台取得联系。若涉及版权问题,敬请原作者联系我们。
