The White House met Wednesday with numerous high-profile private sector and education leaders to discuss the wide-ranging efforts needed to address cybersecurity threats.
Among those present were Microsoft chief executive Satya Nadella, JPMorgan Chase CEO Jamie Dimon, Apple CEO Tim Cook, IBM CEO Arvind Krishna and Google CEO Sundar Pichai.
The summit, held in the White House East Room, covered topics ranging from information sharing and the role of insurance in creating incentives for better cybersecurity to the nearly 500,000 public and private cybersecurity jobs that remain unfilled.
“We are in a cyberwar,” Hadi Partovi, the CEO of the education nonprofit Code.org, said in remarks reported in the Washington Post. “Nobody’s declared war, but attacks are happening every day. I felt optimistic that the set of folks who came together have [made] a commitment to work together, whether it’s with government or their competitors.”
The meeting follows massive cybersecurity and ransomware attacks over the past year on critical infrastructure, including that of Colonial Pipeline and JBS, as well as software and cloud providers such as Microsoft and SolarWinds, which have largely been perpetrated by cybercriminal groups based in Russia and China.
New Public and Private Cybersecurity Initiatives
Following the meeting, the Biden Administration released a fact sheet containing more than a dozen initiatives from public and private organizations.
At the top was a collaboration between the National Institute of Standards and Technology (NIST) and industry players to develop a new framework to improve the security and integrity of the technology supply chain.
Amazon pledged to make available to the public—for free—the security awareness training it offers its employees, while Google unveiled plans to invest $10 billion over the next five years to expand zero-trust programs, enhance open-source security and help secure the software supply chain.
Apple announced it would work with its suppliers to drive the mass adoption of multifactor authentication (MFA), security training and incident response, and Microsoft said it plans to invest $20 billion over the next five years to accelerate efforts to integrate cybersecurity by design and deliver advanced security solutions.
Expanding Access to Marginalized Groups
The initiatives also indicated efforts to reach out to minority groups: Girls Who Code announced it will establish a micro-credentialing program for historically excluded groups in technology.
IBM said it would partner with more than 20 Historically Black Colleges & Universities (HBCUs) to establish Cybersecurity Leadership Centers to grow a more diverse cybersecurity workforce.
Microsoft also has plans to expand partnerships with community colleges and non-profits for cybersecurity training.
These plans come at a time when more attention is being paid to workforce diversity in general and, in particular, to the lack of diversity in cybersecurity fields, a paucity that stretches from security operations center (SOC) analysts all the way through enterprise-level CISOs and board members.
“This is a really good sign that the administration understands the gravity of the current situation,” said Purandar Das, co-founder and chief security evangelist at Sotero. “The administration clearly understands the potential of the current threats to wreak havoc on the economy.”
He warned that, if the current rate at which organizations lose consumer data continues, there is the potential for organizations to experience a total loss of consumer trust.
“This loss of trust could eventually lead to adverse economic impact if consumers decide to stay away from organizations that don’t adequately protect data,” he said.
Indeed, a recent study by SecZetta found organizations’ increasing use of contractors, freelancers and other third-party workers is weakening consumers’ trust in their data security.
“It has also become abundantly clear that this is not just a problem that is impacting individual organizations,” Das noted. “The recent wave of attacks using third-party software as carriers is indicative of the enormous risk posed by the interconnected networks.”
He pointed out that organizations don’t just operate in silos, but rather as connected entities that use a plethora of software, including software from tech giants.
“Cooperation and increased vigilance is essential, and the intervention of the administration is a great step,” Das said. “Additional enforcement has to be the stick. Organizations ought to start thinking of information protection before profits. Data or information loss as a cost of doing business is probably the biggest block to achieving security goals.”
A Greater Focus on Cybersecurity
On May 12, the Biden Administration released an executive order aimed at government agencies, vendors and developers, who all will have to design their products with a greater focus on security.
Included in the EO are some concrete best practices that could become commonplace standards, including auditing trust relationships, use of multifactor authentication, encrypting data and maintaining up-to-date software.
Last month, as part of the administration’s cybersecurity awareness push, Deputy National Security Advisor for Cyber and Emerging Technology Anne Neuberger outlined the ways in which the Biden administration is hammering out a “cohesive and consistent approach” to guide cities on how to handle ransomware attacks, including whether or not they should pay a ransom.
The world’s major democratic governments are also taking steps to coordinate and bolster cybersecurity defenses, with the European Union and the United States launching a joint initiative to combat ransomware.
The stated goals of the partnership, which were announced in June, highlight law enforcement action and raising public awareness of how to protect networks.