Google has made a $10 billion commitment to address privacy risks and the cybersecurity of the US government. The company plans to beef up critical infrastructure, including crucial computer programs. It will also expand its zero-trust programs and help secure software supply chains. All of this is meant to improve open-source security in the US.
Privacy risks and Linux
Google is leveraging its contributions to open source and Linux to fortify the security of its customer experience. In fact, the company has funded Linux kernel developers to work on security for years. More recently, it has been working on initiatives such as fuzzing tools and pushing for memory-safe languages in Linux.
US President Joe Biden called on the CEOs of major US corporations to beef up national infrastructure cybersecurity. Still, Google was not among the 18 companies selected by the National Institute of Standards and Technology (NIST) to work with. But things have changed!
The new program will establish Zero Trust designs for federal agencies to implement. The program assumes that the network has been breached, so it pays more attention to the cybersecurity of apps, data and people. Google is now collaborating with the National Institute of Standards and Technology (NIST) to develop a framework. Eric Brewer and Dan Lorenc announced it in a blog post.
The Zero Trust method seems to be smarter than ever. It prevents security breaches by focusing on apps, data, and people, instead of just the network’s perimeter. Thus, the idea is that the perimeter has probably been breached already. “We should eliminate vulnerabilities proactively with secure languages, platforms, and frameworks that stop entire classes of bugs,” said Brewer and Lorenc.
Prevention is always better
President Joe Biden told the private sector that it is safer and more cost-effective to prevent vulnerabilities than to fix them. The federal government can’t protect critical infrastructure from cyberattacks alone, he added.
Google and Microsoft have committed $10 billion and $20 billion, respectively, to better protect the US from privacy risks. These pledges follow recent high-profile attacks, including the Colonial Pipeline ransomware attack, the SolarWinds software supply chain attack, and widespread exploitation of Microsoft Exchange Server vulnerabilities.
President Joe Biden addressed the importance of cybersecurity during a recent speech. He stated that “we’ve got a lot of work to do.” Brewer submitted four papers earlier this year in response to Biden’s executive order on enhancing software supply chain security.
One of them discusses the security problems inherent to coding and Rust, a new coding language.
Google is teaming up with Microsoft and Amazon to get the new programming language Rust into the Linux kernel. They argue that software bugs should be limited from the outset, rather than reacting to vulnerabilities as they arise. This new language could help limit memory-related errors.
Google advocates for software testing, including using dependable tools from GitHub such as Dependabot. Dependabot is an open-source dependency update tool from Microsoft. Google offered its opinion on the idea of an SBOM (software bill of materials) when the United States responded to software supply chain attacks.
Google now wants the NTIA to establish minimum and maximum requirements on the level of granularity and detail SBOMs can have. If they contain too much information, they won’t be useful.