Tag Archives: Public Policy

Welcoming US-EU collaboration on cybersecurity

Armistice Day is a perennial reminder of the perils of unchecked escalation and the sacrifices of prior generations to protect peace and security. Multilateralism, borne out of the 20th century’s conflicts, is just as relevant in a world of 21st-century threats. That’s particularly true for one of the most pressing multi-stakeholder challenges today: cybersecurity.

The internet itself is a multi-stakeholder system, and protecting citizens online requires cooperation among governments and businesses. For example, this week’s crackdown on ransomware operators by Europol and the U.S. Department of Justice, resulting in the arrests of two REvil operators, capped off an enforcement effort that spanned a year and as many as 17 nations. These actions, coming just ahead of the 20th anniversary of the Budapest Convention, highlight the value of cross-border cooperation in fighting cybercrime, as well as the importance of protecting individuals and their rights online.

Likewise, we applaud the news, announced by U.S. Vice President Kamala Harris in Paris, that the United States is expanding its efforts to advance international cooperation in cybersecurity, by joining the Paris Call for Trust and Security in Cyberspace — a voluntary commitment to work with the international community to advance cybersecurity and preserve the open, interoperable, secure, and reliable Internet.

Google was among the first signatories to the Paris Call in 2018 when it was initially advanced by the government of President Macron of France.

The Paris Call’s 9 principles are something we should all agree to, but it is past time to put them into action. Google has unique expertise supporting many of these principles. To name a few:

  • Defend electoral processes. Through our Advanced Protection Program (APP), we partner with organizations around the world to protect elected officials, campaign offices, and other high-risk users such as human rights workers and journalists. During the 2020 United States elections, APP was the go-to choice for 140 federal campaigns. Since the launch of APP, there have been zero identified instances of a successful targeted attack on an APP user.
  • Lifecycle Security. The Solarwinds attack underscored the real risks and ramifications of supply chain attacks. To improve our own security and support the broader community, we worked with the Open Source Security Foundation (OpenSSF) to develop and release Supply-chain Levels for Software Artifacts (SLSA or “salsa”), a proven framework for securing the software supply chain. We also pledged to provide $100 million to support third-party foundations, like OpenSSF, that manage open source security priorities and help fix vulnerabilities.
  • Cyber Hygiene. Advancing cyber hygiene is a simple way to reduce the majority of successful attacks. At our Google Safety Engineering Center (GSEC) in Munich and at Google security engineering hubs around the world, we are making it easier for our users to stay safe. For example, Google has been at the forefront of innovation in two-step verification (2SV) for years. And because we know the best way to keep our users safe is to turn on our security protections by default, we have started to automatically configure our users’ accounts into a more secure state. By the end of 2021, we plan to auto-enroll an additional 150 million Google users in 2SV and require 2 million YouTube creators to turn it on.

Though there is much we can do as a community, what we have learned in the wake of SolarWinds, Hafnium, and other attacks is that companies need to contribute more of their technology and expertise to solving these challenges. In that vein, we are doubling down to develop solutions to protect users, organizations, and society. Earlier this year, we announced that we will invest $10 billion over the next five years to keep users and customers safer, including expanding access to zero-trust security tools and offering free security skills training programs for workers in the U.S. and Europe.

Google keeps more people safe online than anyone else by putting security at the core of everything we do. We are committed to advancing community-driven, multi-stakeholder approaches to cybersecurity. We look forward to expanding our work with governments and the private sector to develop security technologies and standards that make us all safer.

Bringing COP26 to people everywhere

This November at COP26, global leaders will meet in Glasgow to discuss how to jointly address the challenge of climate change. Recent research has found that more than 70% of the global population is concerned or fearful about climate change. So we’re focused on making this year’s conference accessible to everyone. In partnership with the COP26 Presidency, we’ll livestream the activities through YouTube and Google Arts and Culture, helping COP26 expand the reach of its digital channels. YouTube creators at the conference will create content to share with their global audiences, and we’ll publish video, imagery and artworks from “the green zone” — the center of COP26 activity — via a new page on Google Arts and Culture, inviting people everywhere to learn about the discussions and activities taking place.

"I'm delighted COP26 is partnering with Google to help bring the Green Zone of COP26 to the world in a few days’ time,” COP President-Designate Alok Sharma said. “With more than 200 captivating and diverse events on offer we want everyone to have the opportunity to learn more about climate action and help protect our planet."

Our work at COP26 is part of our larger third decade of climate action strategy. We’re not only committed to be more sustainable in how Google operates as a business, but we’re also focused on building new technologies to make sure that partners, enterprise customers and the billions of people who use Google products every day can be more sustainable as well.

How we’re leading at Google

At Google, our goal is to achieve net zero emissions across all of our operations and value chain by 2030. We aim to reduce the majority of our emissions (versus our 2019 baseline) before 2030, and plan to invest in nature-based and technology-based carbon removal solutions to neutralize our remaining emissions.

We were the first major company to operate as carbon neutral in 2007, and have matched our energy use with 100 percent renewable energy for four years in a row. Last year we set a moonshot goal to operate on 24/7 carbon-free energy by 2030 for all of our data centers and campuses. That means that by the end of the decade, we aim to deliver every search, every email, and every YouTube video without emitting carbon. We’re making strong progress — in 2020 we achieved 67% carbon-free energy on an hourly basis across our data centers, up from 61% in 2019. Five of our data centers, including those in Denmark and Finland, are at or near 90% carbon-free energy.

On our campuses we’re investing in sustainable energy innovations, like dragonscale solar and geothermal pilings, to get us closer to our goal to be carbon-free by 2030. We hope these new technologies will inspire similar projects from others that advance sustainability without compromising design and aesthetics.

How we’re enabling our partners

Urban areas are currently responsible for 70% of the world’s carbon emissions. Last year we pledged to help more than 500 cities reduce one gigaton of carbon emissions per year by 2030 via Google’s Environmental Insights Explorer (EIE). EIE is helping major cities, including Amsterdam, Birmingham UK and Copenhagen, map their emissions data, solar potential, and air quality for their remediation plans.

Technology can also help cities decarbonize in more direct ways. We recently shared an early research project that is deploying AI to help cities make their traffic lights more efficient, and we have a pilot program in Israel accomplishing this. So far, we have seen a 10-20% reduction in fuel consumption and delay time at intersections. We’re excited to expand this pilot to Rio de Janeiro and beyond.

Finally, we’re helping business customers like Whirlpool, Etsy, HSBC, Unilever and Salesforce develop solutions for the specific climate change challenges they face. Unilever is working with the power of Google Cloud and satellite imagery through Google Earth Engine to help avoid deforestation in their supply chain. At Cloud Next, we launched Carbon Footprint, a tool that helps large and small businesses understand their gross carbon emissions associated with the electricity of their Google Cloud Platform usage. This new information will help companies track progress toward their own climate targets.

How we’re aiming to empower everyone

In addition to businesses, increasingly individuals are focused on what more they can do to help the planet. That’s why we committed to help 1 billion people make more sustainable choices by 2022 through Google’s products and services. Recently, we shared several new ways people can use Google’s products to make sustainable choices — from choosing eco-friendly routes and searching for greener flights, hotels, and appliances to supporting clean energy from home with Nest and surfacing authoritative information on climate change from sources like the United Nations.

Google’s goal is to make the sustainable choice an easier choice — for governments, businesses, and individuals. We look forward to a carbon-free future and are excited to continue the conversation at COP26.

Our Content Removal Transparency Report for January to June 2021

Courts and government agencies around the world regularly require that we remove content and information from various Google services like Google Search and YouTube.

We review these demands carefully to determine if the content that is the subject of the request violates a specific local legal requirement. Because we value access to information, we work to minimize over-reaching removals whenever possible by seeking to narrow the scope of government demands and ensure that they are authorized by relevant laws.

For over a decade, we’ve also published a transparency report on Government Requests for Content Removal. This report includes only demands made by governments and courts. We report separately on requests by private actors under content-removal systems established by various governments such as the Digital Millennium Copyright Act (DMCA) in the United States or the Right to be Forgotten included in the General Data Protection Regulation (GDPR) in the EU.

Over the years, as use of our services has grown, our transparency report shows a rise in the number of government demands for content removal – as to both the volume of requests that we receive and the number of individual items of content we are asked to remove. Today’s transparency report, covering January to June 2021, represents the highest volumes we’ve seen on both measures to date.

January - June 2021 Data

Top countries by volume of requests:

  1. Russia
  2. India
  3. South Korea
  4. Turkey
  5. Pakistan
  6. Brazil
  7. United States
  8. Australia
  9. Vietnam
  10. Indonesia

Top countries by volume of items:

  1. Indonesia
  2. Russia
  3. Kazakhstan
  4. Pakistan
  5. South Korea
  6. India
  7. Vietnam
  8. United States
  9. Turkey
  10. Brazil

As research by organizations like Freedom House makes clear, all online platforms are seeing a similar trend.

We’re also seeing a significant increase in the number of laws that require information to be removed from online services. These laws vary by country and region, and require the removal of content on a very wide range of issues – from hate speech to adult content and obscenity, to medical misinformation, to privacy and intellectual property violations.

Many of these laws seek to protect people online and align with Google's own platform policies and community guidelines that help ensure people have a good experience while they are using our services. But laws in some countries can also go significantly beyond those policies, affecting access to information on a range of topics.

Coupled with this, we’ve also seen new laws that impose individual liability on local employees for actions taken by a company offering online services. These types of laws have drawn concern from organizations like the Global Network Initiative because individuals can be pressured, prosecuted, and held personally liable, even when they are not responsible for the content decisions of the company they work for.

While content removal and local representative laws are often associated with repressive regimes, they are increasingly not limited to such nations. Findings from entities like the UN Office of the High Commissioner for Human Rights (OHCHR), our own transparency report data, and any survey of international laws introduced over the past few years all point to the fact that we are likely to continue to see a rise in these types of laws across more countries around the world.

We support comprehensive climate and clean energy policy

Last year we announced Google’s third decade of climate action and set an ambitious moonshot goal to operate on 24/7 carbon-free energy by 2030. This means that every hour of every day, our data centers and campuses will use clean energy that doesn’t emit any carbon.

We’re already hard at work and as of 2020 we are operating at over 67% carbon-free energy across our data centers, up from 61% in 2019. We’re investing in new technologies like advanced geothermal and dragonscale solar to reduce emissions at our data centers and campuses, and are beginning to demonstrate that it’s possible to operate truly carbon free.

Beyond Google, a grid powered by clean energy will reduce a major source of greenhouse gas emissions and unleash sustainable innovation in other parts of our economy, like electrification of the transportation sector. This is good for the planet, good for business, and good for American competitiveness.

Corporate commitments for carbon-free energy are helping scale up clean energy across America, and we're seeing hundreds of companies take action. In fact, we’ve encouraged the U.S. government to adopt a 24/7 carbon-free energy goal for federal facilities and helped launch a 24/7 Carbon-free Energy Compact with SE4ALL and UN Energy.

But for us and other companies to realize this future, we need to galvanize investment and modernization of our energy infrastructure. It’s for this reason that we have supported strong climate policies like clean energy standards and renewable energy tax incentives, which have helped enable clean electricity generation to grow dramatically in dozens of states.

And it’s why we support the clean energy and climate provisions in the bipartisan infrastructure and budget reconciliation packages. These provisions provide the funding and supportive regulatory climate to promote important investments in clean energy that help the U.S. move toward a cleaner and greener energy system, putting the vision of carbon-free operations within reach.

This is a pivotal moment. Strong, comprehensive climate and clean energy policy can help lead the way to 24/7 carbon-free grids and to the transition to a 1.5°C world. The moment is now.

Strengthening the transatlantic digital space

This week, European and US leaders will convene the first meetings of the Trade and Technology Council (TTC) with the goal of renewing a transatlantic dialogue on critical global challenges and strengthening technological cooperation. As I recently wrote, we strongly support the goals of the Council and believe closer cooperation on digital, trade and economic policy will help achieve shared goals – overcoming the pandemic, achieving an equitable economic recovery, promoting the responsible use of technology, and advancing democratic norms.

The TTC has a wide-ranging agenda, with ten working groups covering a broad array of topics. While it is encouraging that both sides have agreed that all issues should be on the table, the long-term success of the forum will depend on the parties focusing and making progress on the most critical ones. To that end, here are a few that we think merit serious attention:

  • Transatlantic regulatory principles:The digital economy and the millions of jobs it supports on both sides of the Atlantic require meaningful consultation between EU and US decision makers based on shared regulatory principles. While policymakers on both sides are rightly debating new rules around technology in areas like AI, it is essential that these and other new policies governing digital markets and services are interoperable and focused on helping and protecting consumers – adhering to principles of consistent treatment, robust due process protections, and safeguards for user privacy and intellectual property.
  • Secure transatlantic cyberspace:Internet infrastructure on both sides of the Atlantic and globally is increasingly under threat as cyberattacks continue to exploit vulnerabilities targeting people, organizations, and governments. Greater coordination between European and US cybersecurity work, including building shared standards, is critical to enhanced effectiveness. We’re committed to supporting this initiative, including by partnering with government, industry and academia, and we recently pledged to invest $10 billion over the next five years to strengthen cybersecurity around the world.
  • Legal certainty on data flows: In the digital world, where every email and video conference involves the transfer of data, businesses on both sides of the Atlantic need legal certainty that such data flows can continue, subject to agreed protection of consumer privacy. The EU and US urgently need a reliable, long-term agreement on transatlantic data flows. Resolving this issue with a new Privacy Shield will enable Europe and the US to drive trust with allies and globally.  
  • Responsible use of technology:Artificial intelligence and emerging technologies are increasingly critical to the transatlantic economy and to tackling common challenges like climate change. During the pandemic, AI has been used to boost knowledge sharing, enable better prediction of health trends, and support research to develop vaccines and treatments for serious disease. But these same technologies also present new challenges and risks, as well as potential regulatory conflicts. Under the TTC, the EU and US have an opportunity to establish a common approach to AI policy and research that enables responsible AI innovation and adoption around the world. The business community has an important role to play here, which is why we created a set of AI principles that govern our responsible development of this technology and are sharing our progress in implementation.
  • Trade and technology for everyone: All too often, small businesses and workers have been an afterthought when it comes to the international trading system and the technology agenda. A smart approach to trade policy and innovation can bring them back in – and create new opportunities for workers and small businesses on both sides of the Atlantic. The EU and the US should identify access barriers, find new ways to ensure that workers get digital skills, and put digital tools and exporting technologies in the hands of small businesses. At Google, we have launched an updated version of our Market Finder tool, which enables small businesses to sell their goods and services to international markets. And we’re partnering with a range of actors – whether through the European Commission’s Pact for Skills or directly with community colleges, non-profits, and workforce boards – to make our job training programs more accessible. So far, these programs have helped over 100,000 people on each side of the Atlantic to secure new jobs.
  • An open internet that respects international human rights:We continue to believe that an open internet – one that respects human rights – benefits everyone. But the open internet is increasingly under threat. According to Freedom House, governments suspended internet access in over 20 countries in 2021 and dozens of countries pursued content rules that would impact freedom of expression. We need democracies – led by Europe and the US – to continue to stand up for internet freedom and human rights in the online space. We are committed to working with governments, multilateral and multi-stakeholder organizations, and other technology companies to advance those values.  

The historic partnership between Europe and the US faces some profound challenges, but, as in the past, we have always found opportunities to build and strengthen our partnership based on shared values and common principles. The launch of the TTC is proof that our shared values are stronger than any individual difference of opinion. We applaud this initiative and stand ready to contribute to its success.  

A digital fast lane for emerging economies

A look at the new Future Readiness Economic Index for decision makers

The pandemic has had devastating effects on  emerging economies, threatening to undo thirty years of progress. In countries like Kenya, India, and Brazil, COVID drove up unemployment, disrupted supply chains, and devastated entire sectors.

If we do nothing, it could take years for these countries to recover, creating even greater divides between people in developed and emerging economies. But we’re seeing a contrary trend that could dramatically turn things around. Looking beyond the short-term headlines to longer-term trends actually tells a different story.

As last year’s Digital Sprinters Framework outlined, if emerging economies adopt the right digital policies, they could actually emerge stronger and better prepared to accelerate economic growth and opportunity.

While COVID has accelerated use of technology to learn and conduct business, almost half of all households in the developing world still lack access to broadband and high-speed internet. Greater digital adoption could help emerging economies generate as much as $3.4 trillion of economic value by 2030. That amount of growth would mean an astonishing 25 percent increase in GDP in Brazil, a 31 percent increase in Saudi Arabia and a 33 percent increase in Nigeria.

Unlocking this growth will require focused initiatives. Governments in emerging markets want to know where to invest limited resources, and how to support and grow their national talent pool.  That’s why, building on the Digital Sprinters framework, Google commissioned the Portulans Institute to develop a “Future Readiness Economic Index” — a ranking of digital progress, and a roadmap for the future.


The Future Readiness Economic Index

The Future Readiness Economic Index gives governments, businesses and analysts comprehensive metrics and milestones to assess their digital transformation.

Assessing countrywide trends can be an inexact science. But by breaking down the data in critical areas like infrastructure, talent development, skills matching, and technology adoption, the Portulans Institute’s Index can help countries focus their efforts to get the biggest returns on investment. For example, the Index suggests that Brazil, which ranks 67th globally on the Index, could sprint ahead with more adoption of digital technologies like cloud, AI and machine learning.


Seizing the chance to sprint ahead

Emerging economies have a key advantage. Unlike developed economies — which need to upgrade or replace outdated legacy infrastructure — many emerging markets can leapfrog ahead, building advanced tools from scratch rather than remodeling existing ones. (Think of how many countries without extensive landline telephone infrastructures in the 1990s have become leaders in mobile telephony adoption.)

Starting with the latest technologies can streamline progress. But which technologies, and what’s the right balance of investing in human capital, infrastructure and other critical elements? And which policies will accelerate progress and yield the greatest gains in competitiveness? The Index provides some objective comparisons to help answer those questions.

Good public policy that supports technology innovation can expand the pie for everyone.  Widely dispersed technological progress has doubled human lifespans over the last century and lifted more than a billion people from poverty in the last thirty years alone. Evidence-based investments, policies and digital tools will equip emerging economies to make even more progress in the years ahead.

Google at the UN General Assembly

Next week, leaders from government, civil society and the business community will convene at the United Nations General Assembly (UNGA) to discuss how we can work together to solve the world’s biggest challenges. If the past two years have shown us anything, it’s that tackling global problems like pandemics, economic inequality and climate change demand global collaboration, across borders and across sectors. At Google, we’re committed to doing our part.


Earlier this year, I wrote about how we are accelerating our partnerships with international organizations in a number of areas. For example, since the start of the pandemic, we've launched more than 200 new products, provided over $150 million to public health officials to promote vaccine education, and enhanced existing products like Google Search and Maps to highlight authoritative information about COVID-19 and local vaccination sites. We’ve also continued to increase our support for the UN by providing over $250 million in Ad Grants, which has enabled it to serve over 1.6 billion ads and reach people in more than 200 countries with messages about COVID-19 prevention, vaccine safety and more. 


At UNGA this year, we will be deepening our collaboration with international organizations as we add our voice to critical policy discussions, share what we have learned from our partnerships, and seek out new ways to collaborate with multi-stakeholder groups.


Here are just a few events at which we’ll be participating next week around key issues.

Economic Recovery 

While the pandemic has exacerbated economic inequality around the world, the data shows that nations that adopt technology are poised to recover quicker. According to recent research, 16 emerging countries could generate as much as $3.4 trillion of economic value through digital transformation by 2030. 


On September 20, Google SVP of Global Affairs Kent Walker will join the Concordia Summit to discuss a new Future Readiness Index commissioned by Google and developed by the Portulans Institute. This interactive tool is designed to help governments use key metrics and data to make sound investments in technology, infrastructure and talent.


Later next week, Kent and I will join the Leaders on Purpose Summit for conversations about how the private sector and governments can work together to help more people prepare for jobs, and how sound digital policies can help governments drive economic opportunity and growth.

Sustainability and Climate Action

Technology has an important role to play in tackling climate change, and we’ve long been committed to advancing the UN’s Sustainable Development Goals and collaborating with UN entities like the Framework Convention on Climate Change to drive progress. We were the first major company to be carbon neutral and match 100% of our annual electricity use with renewables, and now we’re working to be the first major company to operate on 24/7 carbon-free energy by 2030.

On September 24 at theUN High Level Dialogue on Energy, our CFO Ruth Porat will call on other companies and governments to join the Sustainable Energy for All-Google 24/7 Carbon Free Energy Compact. Ruth will also speak at the kickoff of Climate Week on September 20 to discuss how we are working to achieve sustainability at scale and fulfill our commitment to offer 1 billion people new ways to live more sustainably by 2022 via our core products.

Music and Culture

In celebration of Beethoven’s 250th birthday, Google Arts & Culture and YouTube collaborated with other worldwide partners on the Global Ode To Joy project. Through this initiative, which is a fitting contribution to the UN’s International Year of the Creative Economy for Sustainable Development, thousands of users, top-tier artists, and orchestras from more than 70 countries came together to create and share videos of Beethoven’s music. On September 22, Kent will host a panel during the Concordia Summit with participants from the Ode to Joy campaign to discuss how music is bringing people together during the pandemic.


To be sure, with many events this year again virtual, UNGA 2021 will be a little different from years past. But the opportunities it presents for engagement with partners from around the world remain rich, and the need for collaboration substantial. Whether in person or over a screen, Google is “all in” when it comes to supporting the UN’s vision of multilateral and multi-stakeholder approaches to confronting the world’s biggest challenges. 


Collaborating with the UN to accelerate crisis response

In remarks to the UN's High-Level Humanitarian Event on Anticipatory Action, Google SVP for Global Affairs, Kent Walker, discusses collaboration to accelerate crisis preparedness and predict crises before they happen. Read the full remarks below.


Mr. Secretary General, your excellencies, ladies and gentlemen - it’s an honor to join you as we come together to discuss these critical humanitarian issues.

As you know, technology is already raising living standards around the world—leveraging science to double life spans over the last 100 years, helping a billion people emerge from poverty in the last 30 years alone. And innovation will help drive environmental sustainability, raise living standards, improve healthcare, and enhance crisis response.

But addressing global needs in a meaningful way requires strong collaborations between technologists, governments, humanitarian organizations, and those most directly affected.

That’s why we are pleased to announce a $1.5 million commitment to OCHA’s Center for Humanitarian Data. Over the next two years, Google.org will support the Center in scaling up the use of forecasts and predictive models to anticipate humanitarian crises and trigger the release of funds before conditions escalate.

From the earliest days of efforts like Hans Rosling’s GapMinder, it’s been a dream that rather than waiting for a crisis to occur, data and technology could help predict events like droughts or food shortages weeks ahead of time, allowing agencies to provide alerts and deliver supplies to avert the crisis. That technology exists now, today—and we need to put it to work.

With the signs of climate change all around us, it’s essential that we improve our collective preparedness, and protect our most vulnerable populations.

Google is honored to support the critical work led by OCHA and the Center for Humanitarian Data, and we’re committed to combining funding, innovation, and technical expertise to support underserved communities and expand opportunity for everyone.

We hope others will join us in the important work of getting ahead of crises before they happen.

Thank you.

Why we’re committing $10 billion to advance cybersecurity

We welcomed the opportunity to participate in President Biden’s White House Cyber Security Meeting today, and appreciated the chance to share our recommendations to advance this important agenda. The meeting comes at a timely moment, as widespread cyberattacks continue to exploit vulnerabilities targeting people, organizations, and governments around the world.


That’s why today, we are announcing that we will invest $10 billion over the next five years to strengthen cybersecurity, including expanding zero-trust programs, helping secure the software supply chain, and enhancing open-source security. We are also pledging, through the Google Career Certificate program, to train 100,000 Americans in fields like IT Support and Data Analytics, learning in-demand skills including data privacy and security. 


Governments and businesses are at a watershed moment in addressing cybersecurity. Cyber attacks are increasingly endangering valuable data and critical infrastructure. While we welcome increased measures to reinforce cybersecurity, governments and companies are both facing key challenges: 


First, organizations continue to depend on vulnerable legacy infrastructure and software, rather than adopting modern IT and security practices. Too many governments still rely on legacy vendor contracts that limit competition and choice, inflate costs, and create privacy and security risks. 


Second, nation-state actors, cybercriminals and other malicious actors continue to target weaknesses in software supply chains and many vendors don’t have the tools or expertise to stop them. 


Third, countries simply don’t have enough people trained to anticipate and deal with these threats. 


For the past two decades, Google has made security the cornerstone of our product strategy. We don’t just plug security holes, we work to eliminate entire classes of threats for consumers and businesses whose work depends on our services. We keep more users safe than anyone else in the world — blocking malware, phishing attempts, spam messages, and potential cyber attacks. We’ve published over 160 academic research papers on computer security, privacy, and abuse prevention, and we warn other software companies of weaknesses in their systems. And dedicated teams like our Threat Analysis Group work to counter government-backed hacking and attacks against Google and our users, making the internet safer for everyone.


Extending the zero-trust security model 

We’re one of the pioneers inzero-trust computing, in which no person, device, or network enjoys inherent trust.  Trust that allows access to information must be earned.  We’ve learned a lot about both the power and the challenges of running this model at scale. 


Implemented properly, zero-trust computing provides the highest level of security for organizations.  We support the White House effort to deploy this model across the federal government. 


As government and industry work together to develop and implement zero-trust solutions for employee access to corporate assets, we also need to apply the approach to production environments. This is necessary to address events like Solarwinds, where attackers used access to the production environment to compromise dozens of outside entities. The U.S. government can encourage adoption by expanding zero-trust guidelines and reference architecture language in the Executive Order implementation process to include production environments, which in addition to application segmentation substantially improves an organization’s defense in depth strategy. 


Securing the software supply chain 

Following the Solarwinds attack, the software world gained a deeper understanding of the real risks and ramifications of supply chain attacks. Today, the vast majority of modern software development makes use of open source software, including software incorporated in many aspects of critical infrastructure and national security systems. Despite this, there is no formal requirement or standard for maintaining the security of that software. Most of the work that is done to enhance the security of open source software, including fixing known vulnerabilities, is done on an ad hoc basis. 


That’s why we worked with the Open Source Security Foundation (OpenSSF) to develop and release Supply Chain Levels for Software Artifacts (SLSA or “salsa”), a proven framework for securing the software supply chain. In our view, wide support for and adoption of the SLSA framework will raise the security bar for the entire software ecosystem. 


To further advance our work and the broader community’s work in this space, we committed to invest in the expansion of the application of our SLSA framework to protect the key components of open-source software widely used by many organizations. We also pledged to provide $100 million to support third-party foundations, like OpenSSF, that manage open source security priorities and help fix vulnerabilities.


Strengthening the digital security skills of the American workforce

Robust cybersecurity ultimately depends on having the people to implement it. That includes people with digital skills capable of designing and executing cybersecurity solutions, as well as promoting awareness of cybersecurity risks and protocols among the broader population. In short, we need more and better computer security education and training.  


Over the next three years, we're pledging to help 100,000 Americans earn Google Career Certificates in fields like IT Support and Data Analytics to learn in-demand skills including data privacy and security. The certificates are industry-recognized and supported credentials that equip Americans with the skills they need to get high-paying, high-growth jobs. To date, more than half of our graduates have come from backgrounds underserved in tech (Black, Latinx, veteran, or female). 46% of our graduates come from the lowest income tertile in the country. And the results are strong: 82% of our graduates report a positive career impact within six months of graduation. Additionally, we will train over 10 million Americans in digital skills from basic to advanced by 2023.


Leading the world in cybersecurity is critical to our national security. Today’s meeting at the White House was both an acknowledgment of the threats we face and a call to action to address them. It emphasized cybersecurity as a global imperative and encouraged new ways of thinking and partnering across government, industry and academia. We look forward to working with the Administration and others to define and drive a new era in cybersecurity. Our collective safety, economic growth, and future innovation depend on it.


Why we’re committing $10 billion to advance cybersecurity

We welcomed the opportunity to participate in President Biden’s White House Cyber Security Meeting today, and appreciated the chance to share our recommendations to advance this important agenda. The meeting comes at a timely moment, as widespread cyberattacks continue to exploit vulnerabilities targeting people, organizations, and governments around the world.


That’s why today, we are announcing that we will invest $10 billion over the next five years to strengthen cybersecurity, including expanding zero-trust programs, helping secure the software supply chain, and enhancing open-source security. We are also pledging, through the Google Career Certificate program, to train 100,000 Americans in fields like IT Support and Data Analytics, learning in-demand skills including data privacy and security. 


Governments and businesses are at a watershed moment in addressing cybersecurity. Cyber attacks are increasingly endangering valuable data and critical infrastructure. While we welcome increased measures to reinforce cybersecurity, governments and companies are both facing key challenges: 


First, organizations continue to depend on vulnerable legacy infrastructure and software, rather than adopting modern IT and security practices. Too many governments still rely on legacy vendor contracts that limit competition and choice, inflate costs, and create privacy and security risks. 


Second, nation-state actors, cybercriminals and other malicious actors continue to target weaknesses in software supply chains and many vendors don’t have the tools or expertise to stop them. 


Third, countries simply don’t have enough people trained to anticipate and deal with these threats. 


For the past two decades, Google has made security the cornerstone of our product strategy. We don’t just plug security holes, we work to eliminate entire classes of threats for consumers and businesses whose work depends on our services. We keep more users safe than anyone else in the world — blocking malware, phishing attempts, spam messages, and potential cyber attacks. We’ve published over 160 academic research papers on computer security, privacy, and abuse prevention, and we warn other software companies of weaknesses in their systems. And dedicated teams like our Threat Analysis Group work to counter government-backed hacking and attacks against Google and our users, making the internet safer for everyone.


Extending the zero-trust security model 

We’re one of the pioneers inzero-trust computing, in which no person, device, or network enjoys inherent trust.  Trust that allows access to information must be earned.  We’ve learned a lot about both the power and the challenges of running this model at scale. 


Implemented properly, zero-trust computing provides the highest level of security for organizations.  We support the White House effort to deploy this model across the federal government. 


As government and industry work together to develop and implement zero-trust solutions for employee access to corporate assets, we also need to apply the approach to production environments. This is necessary to address events like Solarwinds, where attackers used access to the production environment to compromise dozens of outside entities. The U.S. government can encourage adoption by expanding zero-trust guidelines and reference architecture language in the Executive Order implementation process to include production environments, which in addition to application segmentation substantially improves an organization’s defense in depth strategy. 


Securing the software supply chain 

Following the Solarwinds attack, the software world gained a deeper understanding of the real risks and ramifications of supply chain attacks. Today, the vast majority of modern software development makes use of open source software, including software incorporated in many aspects of critical infrastructure and national security systems. Despite this, there is no formal requirement or standard for maintaining the security of that software. Most of the work that is done to enhance the security of open source software, including fixing known vulnerabilities, is done on an ad hoc basis. 


That’s why we worked with the Open Source Security Foundation (OpenSSF) to develop and release Supply Chain Levels for Software Artifacts (SLSA or “salsa”), a proven framework for securing the software supply chain. In our view, wide support for and adoption of the SLSA framework will raise the security bar for the entire software ecosystem. 


To further advance our work and the broader community’s work in this space, we committed to invest in the expansion of the application of our SLSA framework to protect the key components of open-source software widely used by many organizations. We also pledged to provide $100 million to support third-party foundations, like OpenSSF, that manage open source security priorities and help fix vulnerabilities.


Strengthening the digital security skills of the American workforce

Robust cybersecurity ultimately depends on having the people to implement it. That includes people with digital skills capable of designing and executing cybersecurity solutions, as well as promoting awareness of cybersecurity risks and protocols among the broader population. In short, we need more and better computer security education and training.  


Over the next three years, we're pledging to help 100,000 Americans earn Google Career Certificates in fields like IT Support and Data Analytics to learn in-demand skills including data privacy and security. The certificates are industry-recognized and supported credentials that equip Americans with the skills they need to get high-paying, high-growth jobs. To date, more than half of our graduates have come from backgrounds underserved in tech (Black, Latinx, veteran, or female). 46% of our graduates come from the lowest income tertile in the country. And the results are strong: 82% of our graduates report a positive career impact within six months of graduation. Additionally, we will train over 10 million Americans in digital skills from basic to advanced by 2023.


Leading the world in cybersecurity is critical to our national security. Today’s meeting at the White House was both an acknowledgment of the threats we face and a call to action to address them. It emphasized cybersecurity as a global imperative and encouraged new ways of thinking and partnering across government, industry and academia. We look forward to working with the Administration and others to define and drive a new era in cybersecurity. Our collective safety, economic growth, and future innovation depend on it.