The role of Big Tech in cyber defence

Cyber warfare has reached new levels and governments are now turning to Big Tech to strengthen their cyber defence.



Show More

Cyber warfare has reached new levels - with attacks now disrupting supply chains, infiltrating governments, and affecting national infrastructure. And cyber threats at a national level have significantly bigger consequences than an organisational data breach, ones which impact international relations.

Back in 2021, the US accused China of a global cyberespionage campaign and responded with a broad coalition that included Britain, the EU and even NATO. Beijing rejected the attempted initiative and called it irresponsible. Overall, it was a highly tense situation involving two super nations, and ultimately, a conflict which emphasised a growing problem for government offices. The UK’s Gloucester City Council has been hit twice by attackers in the last decade, Belgium’s defence ministry and Canada’s foreign ministry have been targeted by hackers, and perhaps the most serious of all; Ukraine’s massive cyber attack that shut down numerous government websites. The fallout of Ukraine’s cyber attack highlights the catastrophic effects of cyberwarfare at a national level. It should be a wake-up call for countries to strengthen their own cyber security posture.

While most countries like the UK and Belgium are increasing investment in cybersecurity, the US is turning to Big Tech for help with cyber defence. After sending out a letter back in December, the White House met executives from the top tech firms – including Google, Apple, IBM and Amazon – to discuss how to bolster software security in the wake of the attack on Log4j, the open-source software. A bold move, one that indicates the private sector could be the answer to securing critical infrastructure and systems.

The current state of national cybersecurity

Perhaps a rather obvious and inevitable challenge for governments is that countries will undeniably engage in cyber-espionage. In a data-driven and digital-first world, the easiest form of information gathering is to target systems and data. Some of the targets of the SolarWinds/Nobelium attack of 2020 included the Department of Homeland Security (DHS), the Cybersecurity and Infrastructure Agency (CISA), and the US Treasury.

Roger Grimes, Data Driven Defence Evangelist at KnowBe4, discusses this political challenge. He comments that, “every sufficiently capable nation-state is attacking their adversaries with near impunity. It's tougher to tell an adversary to stop hacking you when you are also hacking them.”

A possible solution for the national cyber warfare problem is creating a set of global rules. Grimes suggests a digital Geneva Convention, “which spells out what is and isn't allowed between nation-states, and have all nation-states agree to abide by the agreed-upon global rules.” It would certainly hold countries more accountable for cyber attacks, especially ones as serious as Ukraine’s.

But what is clear is that cyber attacks are no longer a might-happen, instead they are unavoidable. Security should be a top priority and governments must build an appropriate security framework that includes things like training and awareness, authentication, access management and encryption of sensitive data.

The other significant issue is that in a data-first world governments are still not able to collect good data on their cybersecurity problem.

“To best address a problem, you need good data, and most governments don't have that.” Grimes comments, “[Governments] know that a bunch of cybercrime is happening, but not exactly how much and how it is accomplished… All governments are working on these issues, but they remain complex and difficult to solve."

Businesses are no strangers to ransomware and malware attacks. They have been fortifying their networks, managing identity and remote access, and mitigating cyber threats. They’ve collected data on the rising threat of ransomware, from the methods being used to the vulnerabilities that are being exploited. It’s only logical that’s who governments would turn to for help.  

Big Tech’s influence set to grow

Commenting on how leading tech firms can assist governments with their cybersecurity, Grimes says, “It would be great if big tech companies shared their customer's attack data (anonymised) with the government to help them with getting better data. It would also be great if big tech came together to create and deploy new or improved open cybersecurity standards, then build them into their products. We actually have the technical ability to put down most cybercrime...we know how to do it...but we don't have a consensus to actually do it. It would be dare-to-dream fantastic if big tech got together, agreed to significantly improve cybersecurity, created the standards we need, and deployed them in their products to best protect their customers. Unfortunately, the competitive nature of the business makes it difficult for a bunch of competitors to come together for the common good."

And while it does seem unlikely for the big tech firms to set aside their differences for a common goal - that’s exactly what they did.

Tech firms including Microsoft, Google, Amazon, IBM, and Apple made a significant commitment in the US, pledging more than $30 billion and 250,000 new jobs according to a White House statement.

  • Apple will establish a new program for continuous security improvements throughout the technology supply chain and is enabling the mass adoption of multi-factor authentication, security training, vulnerability remediation, event logging, and incident response.
  • Microsoft offered $150 million in technical services to federal, state, and local governments with upgrading security protection. They’ve also promised $20 billion over the next five years to enhance efforts in integrating cyber security by design and will also deliver advanced security solutions.
  • Google offered $10 billion over the next five years to help expand zero-trust programs, as well as enhancing open-source security and software supply chains.
  • IBM will train 150,000 people over the next three years to improve cybersecurity skills and will also partner with more than 20 university and centres to grow a more diverse cyber workforce.

These are substantial investments from some of tech most powerful firms, providing massive support to the US government and laying the foundation for an overall stronger cyber posture. The private sector already operates and owns some of the most critical infrastructure when it comes to cyber security. But there is the issue of allowing the private sector to have access to government systems.

Too much power?

Companies like Google are no stranger to controversies, especially those relating to data privacy and compliance. Mishandling of personal data has been a headache for leading tech firms in the wake of GDPR, raising legitimate concerns over the level of access being given to these firms. Allowing companies like Microsoft to deliver advanced security solutions, which will be integrated into federal, state, and local governments, means private sector companies can access the networks and systems of governments, many of which handle citizen data and information.

Grimes acknowledges the struggle between privacy concerns and government regulation, pointing out how extensive cybercrime is right now, “the government can't do it alone. Big tech can't do it alone. But together, along with open standards and public participation, we can solve the big problems and make the internet a far safer place to compute. It can be done. Most people think that it's impossible to make the internet a safer place. But that isn't true. It just takes an all-hands-on-deck strategy, with each side willing to give up the extreme edges of their own concerns to come up with a common solution that works best for all. Give up a little to get a lot."

Big Tech has certainly pledged significant support to the US, but it’s not exactly fair to other countries who lack the same resources but are customers of the same companies. There is also the question of whether it creates a conflict of interest for leading tech firms to provide national support while operating in other regions.

There’s no doubt that tech firms could be a great support in sharing their security expertise and know-how to bolster national defences, but there is also the important question of how big a role tech firms should play in a nation’s cyber defence.