Industry leaders from the technology, financial, and education sectors have pledged a wide range of private-sector initiatives to tackle the nation’s cybersecurity problems. Those efforts include increasing the cybersecurity talent pool, boosting security awareness, and better securing the software supply chain. Microsoft pledged $20 billion and Google pledge $10 billion to develop more advanced security solutions in areas such as security by design, zero-trust, software supply chain, and open-source software.
That announcement came at a meeting hosted by the Biden Administration yesterday where private sector leaders met with national security and cabinet team members to tackle the nation’s cybersecurity problems. Among the attendees from the government were:
- Commerce Secretary Gina Raimondo
- Energy Secretary Jennifer Granholm
- Homeland Security Secretary Alejandro Mayorkas
- SBA Administrator Isabel Guzman
- National Security Advisor Jake Sullivan
- Director of the National Economic Council Brian Deese
- Senior Advisor and Director of the Office of Public Engagement Cedric Richmond
- Deputy National Security Advisor for Cyber and Emerging Technology Anne Neuberger
- National Cyber Director Chris Inglis
- Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly
Tech industry attendees included Carlos Rodriguez, President and CEO of ADP, Sundar Pichai, CEO of Alphabet, Andy Jassy, CEO of Amazon, Tim Cook, CEO of Apple, Dr. Arvind Krishna, Chair and CEO of IBM and Satya Nadella, Chair and CEO of Microsoft. The CEOs of Bank of America, JPMorgan Chase, TIAA, and US Bancorp represented the financial industry at the meeting. The CEOs of four leading insurance companies also attended, as did the CEOs of seven water and energy companies. Five leaders from the education community rounded out the group.
The meeting participants broke out into three separate sessions. The first was Critical Infrastructure Resilience, chaired by Secretary Mayorkas and Secretary Granholm and attended by the financial, energy, and water executives. The second session, Building Enduring Cybersecurity, was chaired by Secretary Raimondo and SBA Administrator Guzman and attended by the high-tech and insurance executives. Education leaders attended the third session, devoted to the cybersecurity workforce and chaired by National Cyber Director Inglis.
Federal government can’t meet challenge alone
President Biden kicked off the meeting by recapping his administration’s cybersecurity efforts. Since January, the administration’s has, among other things, launched a 100-day initiative to improve cybersecurity across the electric sector, ordered the creation of a framework to upgrade software security, and began a campaign to get G7 countries to hold nations that harbor ransomware threat actors accountable.
Biden also noted that he held a summit with Vladimir Putin and “made it clear to him that we expected him to hold them accountable as well because they know where they are and who they are. But that’s another issue we will not be discussing so much today.”
Biden told the high-powered attendees, “The reality is, most of our critical infrastructure is owned and operated by the private sector, and the federal government can’t meet this challenge alone. I’ve invited you all here today because you have the power, the capacity, and the responsibility, I believe, to raise the bar on cybersecurity.”
Skilled cybersecurity workforce not growing fast enough
One issue that keeps the bar lower than it should be is the shortage of qualified professionals, which was a major focus of the event. “Our skilled cybersecurity workforce has not grown fast enough to keep pace,” Biden said in his remarks.
The administration estimates that around 500,000 cybersecurity jobs currently go unfilled in the US. As one step toward narrowing the skills gap, at least in the federal government, the Department of Homeland Security separately published yesterday in the federal register the Cybersecurity Talent Management System (CTMS). This new compensation system raises the top federal cybersecurity annual pay to $255,800, the current vice president’s salary, with escalations beyond that under certain circumstances.
Broad array of steps promised
After the meeting, the White House unveiled an array of steps that the attendees pledged to take to improve the information and technology security landscape including:
- A collaboration between the National Institute of Standards and Technology (NIST) and industry and other players to improve the security and integrity of the technology supply chain, including open-source software. Microsoft, Google, and insurance companies Travelers and Coalition say they are committed to participating in this NIST-led initiative.
- The formal expansion of the Industrial Control Systems Cybersecurity Initiative beyond electric utilities to include natural gas pipelines.
- A new program by Apple to drive continuous security improvements throughout the technology supply chain. Apple also said it would work with its suppliers. including more than 9,000 in the United States, to drive the mass adoption of multi-factor authentication, security training, vulnerability remediation, event logging, and incident response
- A $10 billion investment by Google over the next five years to expand zero-trust programs, help secure the software supply chain, and enhance open-source security. Google also said it would help 100,000 Americans earn industry-recognized digital skills certificates that provide the knowledge that can lead to secure high-paying, high-growth jobs.
- IBM said it would train 150,000 people in cybersecurity skills over the next three years and partner with more than 20 historically black colleges and universities (HBCUs) to establish cybersecurity leadership centers to grow a more diverse cyber workforce.
- Microsoft said it would spend $20 billion over the next five years to accelerate integrating cybersecurity by design and delivering advanced security solutions. The Redmond giant said it would also make available $150 million in technical services to help federal, state, and local governments upgrade security protection and expand partnerships with community colleges and non-profits for cybersecurity training.
- Amazon promised it would make available to the public at no charge the security awareness training it offers its employees. In addition, Amazon will also offer Amazon Web Services account holders at no additional cost a multi-factor authentication device to protect against cybersecurity threats.
- Cybersecurity insurance provider Resilience said it would require policyholders to meet a threshold of cybersecurity best practice as a condition of receiving coverage. Another insurance provider, Coalition, will make its cybersecurity risk assessment and continuous monitoring platform available for free to any organization.
- org, a non-profit dedicated to expanding access to computer science in schools, promised to teach cybersecurity concepts to over three million students across 35,000 classrooms over three years, train a diverse population of students to stay safe online, and build interest in cybersecurity as a potential career.
- The University of Texas (UT) System said it plans to expand existing programs and develop new short-term credentials in cyber-related fields to strengthen America’s cybersecurity workforce. The UT System aims to upskill or reskill over one million workers across the nation by making available entry-level cyber educational programs through UT San Antonio’s Cybersecurity Manufacturing Innovation Institute.
- Finally, Whatcom Community College in Bellingham, Washington, announced it had been designated the new National Science Foundation Advanced Technological Education National Cybersecurity Center. It would provide cybersecurity education and training to faculty and support program development for colleges to “fast-track” students from college to career.
This latest development in the Biden administration’s continued cybersecurity campaign prompted praise by at least one important lawmaker. “For years I have been calling for more sustained leadership from the White House on cybersecurity, and President Biden is demonstrating the strong leadership we need to meet the challenge,” Jim Langevin, co-chair of the Congressional Cybersecurity Caucus and a member of the Cyberspace Solarium Commission, said in a statement. “The President’s cybersecurity summit today continues his unprecedented string of major cyber initiatives in just his first seven months on the job.”