Connect with us

Google

Why we’re committing $10 billion to advance cybersecurity

We welcomed the opportunity to participate in President Biden’s White House Cyber Security Meeting today, and appreciated the chance to share our recommendations to advance this important agenda. The meeting comes at a timely moment, as widespread cyberattacks continue to exploit vulnerabilities targeting people, organizations, and governments around the world.That’s why today, we are announcing…

Published

on

We welcomed the opportunity to participate in President Biden’s White House Cyber Security Meeting today, and appreciated the chance to share our recommendations to advance this important agenda. The meeting comes at a timely moment, as widespread cyberattacks continue to exploit vulnerabilities targeting people, organizations, and governments around the world.

That’s why today, we are announcing that we will invest $10 billion over the next five years to strengthen cybersecurity, including expanding zero-trust programs, helping secure the software supply chain, and enhancing open-source security. We are also pledging, through the Google Career Certificate program, to train 100,000 Americans in fields like IT Support and Data Analytics, learning in-demand skills including data privacy and security. 

Governments and businesses are at a watershed moment in addressing cybersecurity. Cyber attacks are increasingly endangering valuable data and critical infrastructure. While we welcome increased measures to reinforce cybersecurity, governments and companies are both facing key challenges: 

First, organizations continue to depend on vulnerable legacy infrastructure and software, rather than adopting modern IT and security practices. Too many governments still rely on legacy vendor contracts that limit competition and choice, inflate costs, and create privacy and security risks. 

Second, nation-state actors, cybercriminals and other malicious actors continue to target weaknesses in software supply chains and many vendors don’t have the tools or expertise to stop them. 

Third, countries simply don’t have enough people trained to anticipate and deal with these threats. 

For the past two decades, Google has made security the cornerstone of our product strategy. We don’t just plug security holes, we work to eliminate entire classes of threats for consumers and businesses whose work depends on our services. We keep more users safe than anyone else in the world — blocking malware, phishing attempts, spam messages, and potential cyber attacks. We’ve published over 160 academic research papers on computer security, privacy, and abuse prevention, and we warn other software companies of weaknesses in their systems. And dedicated teams like our Threat Analysis Group work to counter government-backed hacking and attacks against Google and our users, making the internet safer for everyone.

Extending the zero-trust security model 

We’re one of the pioneers in zero-trust computing, in which no person, device, or network enjoys inherent trust.  Trust that allows access to information must be earned.  We’ve learned a lot about both the power and the challenges of running this model at scale. 

Implemented properly, zero-trust computing provides the highest level of security for organizations.  We support the White House effort to deploy this model across the federal government. 

As government and industry work together to develop and implement zero-trust solutions for employee access to corporate assets, we also need to apply the approach to production environments. This is necessary to address events like Solarwinds, where attackers used access to the production environment to compromise dozens of outside entities. The U.S. government can encourage adoption by expanding zero-trust guidelines and reference architecture language in the Executive Order implementation process to include production environments, which in addition to application segmentation substantially improves an organization’s defense in depth strategy. 

Securing the software supply chain 

Following the Solarwinds attack, the software world gained a deeper understanding of the real risks and ramifications of supply chain attacks. Today, the vast majority of modern software development makes use of open source software, including software incorporated in many aspects of critical infrastructure and national security systems. Despite this, there is no formal requirement or standard for maintaining the security of that software. Most of the work that is done to enhance the security of open source software, including fixing known vulnerabilities, is done on an ad hoc basis. 

That’s why we worked with the Open Source Security Foundation (OpenSSF) to develop and release Supply Chain Levels for Software Artifacts (SLSA or “salsa”), a proven framework for securing the software supply chain. In our view, wide support for and adoption of the SLSA framework will raise the security bar for the entire software ecosystem. 

To further advance our work and the broader community’s work in this space, we committed to invest in the expansion of the application of our SLSA framework to protect the key components of open-source software widely used by many organizations. We also pledged to provide $100 million to support third-party foundations, like OpenSSF, that manage open source security priorities and help fix vulnerabilities.

Strengthening the digital security skills of the American workforce

Robust cybersecurity ultimately depends on having the people to implement it. That includes people with digital skills capable of designing and executing cybersecurity solutions, as well as promoting awareness of cybersecurity risks and protocols among the broader population. In short, we need more and better computer security education and training.  

Over the next three years, we’re pledging to help 100,000 Americans earn Google Career Certificates in fields like IT Support and Data Analytics to learn in-demand skills including data privacy and security. The certificates are industry-recognized and supported credentials that equip Americans with the skills they need to get high-paying, high-growth jobs. To date, more than half of our graduates have come from backgrounds underserved in tech (Black, Latinx, veteran, or female). 46% of our graduates come from the lowest income tertile in the country. And the results are strong: 82% of our graduates report a positive career impact within six months of graduation. Additionally, we will train over 10 million Americans in digital skills from basic to advanced by 2023.

Leading the world in cybersecurity is critical to our national security. Today’s meeting at the White House was both an acknowledgment of the threats we face and a call to action to address them. It emphasized cybersecurity as a global imperative and encouraged new ways of thinking and partnering across government, industry and academia. We look forward to working with the Administration and others to define and drive a new era in cybersecurity. Our collective safety, economic growth, and future innovation depend on it.

Source

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published.

Google

Enjoy a warm cup of trends for International Tea Day

From bubble tea to tea ceremonies, tea has deep roots and profound cultural significance across Asia. Just ahead of the United Nations’ International Tea Day on Saturday, May 21, we looked at trends on Google Search around the world and found bags of insights into what the world is searching for when it comes to…

Published

on

By

From bubble tea to tea ceremonies, tea has deep roots and profound cultural significance across Asia. Just ahead of the United Nations’ International Tea Day on Saturday, May 21, we looked at trends on Google Search around the world and found bags of insights into what the world is searching for when it comes to this brew-tea-full beverage.

Worldwide populari-tea

Assam, green or bubble: tea is the world’s most-consumed drink apart from water, so even if Earl Grey isn’t your thing, there’s most likely a brew out there that fits you to a T. But which types of tea are the most popular?

  1. Bubble tea
  2. Green tea
  3. Matcha
  4. Black tea
  5. Milk tea
  6. Kombucha
  7. Masala chai
  8. Iced tea
  9. Hibiscus tea
  10. Ginger tea

Worldwide top-searched types of tea, past 12 months. Source: Google Trends.

Green tea used to be the most popular type of tea on Search — until last year, when bubble tea bubbled up to become the most-searched type of tea around the world. The rise has been remarkable, with search interest for bubble tea more than tripling in the last five years, an increase of +220% worldwide. We’ve seen a similar trend with matcha; the beverage is now the world’s third most popular type of tea after search interest went up by +70% in the last five years.

Source

Continue Reading

Google

Protecting Android users from 0-Day attacks

To protect our users, Google’s Threat Analysis Group (TAG) routinely hunts for 0-day vulnerabilities exploited in-the-wild. In 2021, we reported nine 0-days affecting Chrome, Android, Apple and Microsoft, leading to patches to protect users from these attacks.This blog is a follow up to our July 2021 post on four 0-day vulnerabilities we discovered in 2021,…

Published

on

By

To protect our users, Google’s Threat Analysis Group (TAG) routinely hunts for 0-day vulnerabilities exploited in-the-wild. In 2021, we reported nine 0-days affecting Chrome, Android, Apple and Microsoft, leading to patches to protect users from these attacks.

This blog is a follow up to our July 2021 post on four 0-day vulnerabilities we discovered in 2021, and details campaigns targeting Android users with five distinct 0-day vulnerabilities:

We assess with high confidence that these exploits were packaged by a single commercial surveillance company, Cytrox, and sold to different government-backed actors who used them in at least the three campaigns discussed below. Consistent with findings from CitizenLab, we assess government-backed actors purchasing these exploits are located (at least) in Egypt, Armenia, Greece, Madagascar, Côte d’Ivoire, Serbia, Spain and Indonesia.

The 0-day exploits were used alongside n-day exploits as the developers took advantage of the time difference between when some critical bugs were patched but not flagged as security issues and when these patches were fully deployed across the Android ecosystem. Our findings underscore the extent to which commercial surveillance vendors have proliferated capabilities historically only used by governments with the technical expertise to develop and operationalize exploits.

Seven of the nine 0-days TAG discovered in 2021 fall into this category: developed by commercial providers and sold to and used by government-backed actors. TAG is actively tracking more than 30 vendors with varying levels of sophistication and public exposure selling exploits or surveillance capabilities to government-backed actors.

Source

Continue Reading

Google

Why this Pixel engineer chose Google Taiwan

Welcome to the latest edition of “My Path to Google,” where we talk to Googlers, interns, apprentices and alumni about how they got to Google, what their roles are like and even some tips on how to prepare for interviews.Today’s post is all about Gordon Kuo, a Taiwan-based engineer on the Pixel Mobile Wireless Team.…

Published

on

By

Welcome to the latest edition of “My Path to Google,” where we talk to Googlers, interns, apprentices and alumni about how they got to Google, what their roles are like and even some tips on how to prepare for interviews.

Today’s post is all about Gordon Kuo, a Taiwan-based engineer on the Pixel Mobile Wireless Team. He shares what makes Google Taiwan a unique place for engineers to work and advice for anyone interested in applying to Google.

What’s your role at Google?

I’m an engineering lead on the Pixel Mobile Wireless team. Our goal is to help connect people across the world with Google Pixel phones. We solve hardware and software challenges and work with different teams to improve functionality and performance. We talk about everything from design and bug fixes to performance optimization, which makes every day feel different. I love that no matter what we’re working on, it’s always interesting and helpful.

How did you land in your current role?

After completing my PhD in Computer Networking, I started my career at a Taiwanese integrated circuit (IC) design company. After that, I worked on modems at a technology company in China for several years. During that time, I had a few friends and former colleagues at Google, and when we spoke about their jobs and the company culture, everyone shared really positive experiences. Getting the chance to build a career around work that I enjoy was one of the biggest draws. So I applied and interviewed — and now, two years in, I’m leading a team.

What was your application and interview experience like?

Above everything, my recruiter was really supportive, which helped make the process feel much more straightforward. I actually applied and interviewed for another engineering position at first, but I didn’t end up getting it. I was disappointed at the time, but it wasn’t long before my recruiter shared another position that was even more aligned with my skills and career goals. Finding the right fit doesn’t always happen right away, and I appreciated that my recruiter was so committed to setting me up for success.

What have you learned about leadership since joining Google?

Google is a place where people truly listen and communicate openly. Because of this, I’ve learned to never assume anything. Instead, I put in the time to better understand my team and others we work with. It’s important to stay on the same page when you’re leading a team or project, and that requires respect and regular communication.

What makes Google Taiwan such a special place to work?

Taiwan is home to world-class integrated circuit design companies and is known for its thriving manufacturing industry. There’s a lot of exciting product development work happening here too, and it’s one of our largest sites in Asia. In fact, Taiwan is our largest hardware hub outside of the U.S. — with an engineering team that is uniquely skilled in both software and hardware integration. We collaborate with other functions and teams worldwide, and have opportunities to lead important projects from start to finish. From working on widely used products to building and leading a team, I’ve had growth opportunities here that I couldn’t have imagined just a few years ago. I’m continually inspired by the work we do.

On a more personal note, Taiwan is a relatively small island, easy to get around and nestled between the beach and the mountains — it’s a pretty nice place to work!

You recently participated in a live-streamed event about career opportunities at Google Taiwan. Can you tell us more about that?

The event was aimed at helping potential candidates learn more about technical career opportunities at Google Taiwan and what it’s like to work with us. I really enjoyed the conversation! If anyone is interested, they can watch the recording.

What advice do you have for aspiring Googlers?

Work closely with your recruiter! My recruiter guided me through Google’s interview process, shared tips about how to answer leadership-based questions and gave me insight into what the technical interview would be like. I hadn’t experienced this kind of interview support and care before, and it went a long way in helping me prepare. If you’re applying for an engineering role, I recommend doing programming exercises to practice your coding abilities. I also revisited my textbooks to review material, brushed up on my skills and searched for tips online from previous interviewees. Going through an interview process can be nerve-wracking, but the best thing you can do is just go for it.

Source

Continue Reading

Trending

Copyright © 2021 Today's Digital.