Key Takeaways
President Biden met with private sector and education leaders to discuss the whole-of-nation effort needed to address cybersecurity threats.
The companies in attendance committed to investing billions of dollars to strengthen cybersecurity and train more cybersecurity professionals.
More initiatives were also announced from the Biden administration, which has already issued an Executive Order and a National Security Memorandum about cybersecurity this year.
On Wednesday August 25, President Joe Biden gathered with industry leaders to issue a call to action on cybersecurity and make concrete announcements to bolster the nation’s cyber infrastructure.
The high-profile meeting brought together CEOs from the education, energy, finance, insurance and tech sectors, featuring companies like Google, Amazon, Apple, Microsoft, IBM, JP Morgan Chase and Bank of America. The meeting took place in the wake of a number of devastating hacks that have targeted critical infrastructure and major corporations that U.S. authorities have linked to foreign hackers.
"Most of our critical infrastructure is owned and operated by the private sector, and the federal government can't meet this challenge alone," President Biden told participants at the cybersecurity summit. "I've invited you all here today because you have the power, the capacity and the responsibility, I believe, to raise the bar on cybersecurity."
In a statement before the summit, President Biden called cybersecurity a “core national security challenge”. The White House had been working to secure commitments from industry in advance of the meeting, mostly in the areas of “technology and talent,” an official said in a background call with reporters on Tuesday.
The country’s participating companies committed to investing billions of dollars to strengthen cybersecurity defenses and to train skilled workers. Here are the major announcements and initiatives from the meeting:
The Biden Administration announced that the National Institute of Standards and Technology (NIST) will collaborate with industry and other partners to develop a new framework to improve the security and integrity of the technology supply chain. The approach will serve as a guideline to public and private entities on how to build secure technology and assess the security of technology, including open source software. Microsoft, Google, IBM, Travelers Insurance, and Coalition (a cyber insurance provider) committed to participating in this NIST-led initiative.
The Biden Administration also announced the formal expansion of the Industrial Control Systems Cybersecurity Initiative to a second major sector: natural gas pipelines. The Initiative has already improved the cybersecurity of more than 150 electric utilities that serve 90 million Americans.
Apple announced it will establish a new program to drive continuous security improvements throughout the technology supply chain. As part of that program, Apple will work with its suppliers — including more than 9,000 in the United States— to drive the mass adoption of multi-factor authentication, security training, vulnerability remediation, event logging, and incident response.
Google announced it will invest $10 billion over the next five years to expand zero-trust programs, help secure the software supply chain, and enhance open-source security. Google also announced it will help 100,000 Americans earn industry-recognized digital skills certificates that provide the knowledge that can lead to secure high-paying, high-growth jobs.
IBM announced it will train 150,000 people in cybersecurity skills over the next three years.
Microsoft announced it will invest $20 billion over the next 5 years to accelerate efforts to integrate cyber security by design and deliver advanced security solutions. Microsoft also announced it will immediately make available $150 million in technical services to help federal, state, and local governments with upgrading security protection, and will expand partnerships with community colleges and non-profits for cybersecurity training.
Amazon announced it will make available to the public at no charge the security awareness training it offers its employees. Amazon also announced it will make available to all Amazon Web Services account holders at no additional cost, a multi-factor authentication device to protect against cybersecurity threats like phishing and password theft.
Resilience, a cyber insurance provider, announced it will require policy holders to meet a threshold of cybersecurity best practice as a condition of receiving coverage.
Coalition, a cyber insurance provider, announced it will make its cybersecurity risk assessment & continuous monitoring platform available for free to any organization
Other recent action from the White House
The Biden Administration has been prioritizing and elevating cybersecurity like never before. On May 12, 2021, President Biden issued an Executive Order that modernizes Federal Government cyber defenses. The Executive order removed barriers to threat information sharing between government and the private sector, modernized cybersecurity standards in the Federal Government, and established a Cybersecurity Safety Review Board, among other things.
On July 28, the President issued a National Security Memorandum establishing the President’s Industrial Control System Cybersecurity (ICS) Initiative. The ICS initiative is a voluntary, collaborative effort between the federal government and the critical infrastructure community to facilitate the deployment of technology and systems that provide threat visibility, indicators, detections, and warnings. The memorandum also directs the Cybersecurity & Infrastructure Security Agency (CISA) and the National Institute of Standards and Technology (NIST) to develop cybersecurity performance goals for critical infrastructure.
Looking Forward
The mere act of holding the summit, which came as Afghanistan consumes headlines, and the attendance of figures like Tim Cook, Sundai Pichar, and Jamie Dimon sends an important signal: the U.S. wants to prioritize cybersecurity. While the commitments made at the summit are impressive, it illustrates the gap between where we are and where we want to be.
The commitments will require considerable follow-up, including expansion to other sectors and policy changes that could emerge from closer relationships between industry and government. This summit was a great symbol for how the U.S. values cyber and serves as the start of closer knit relationship between government and private sector, a relationship that will require much work from both sides.