Biden Urges CEOs To Improve U.S. Cybersecurity After Attacks

President Joe Biden urged a group of chief executive officers to help improve cybersecurity across the nation’s critical infrastructure and economy, citing a lack of trained professionals to adequately protect the U.S. Biden Urges CEOs To Improve U.S. Cybersecurity After Attacks

“Our skilled cybersecurity workforce is not growing fast enough to keep pace,” Biden said Wednesday at a meeting with chief executives including Apple Inc.’s Tim Cook, Alphabet Inc.’s Sundar Pichai, Amazon.com Inc.’s Andy Jassy, Microsoft Corp.’s Satya Nadella, and JPMorgan Chase & Co.’s Jamie Dimon.

Security Expert Exposes Chaos With Trump And U.S. Intelligence Agencies

CyberSecurity Newsflash!

The meeting follows massive cyber and ransomware attacks over the past year on critical infrastructure, including that of Colonial Pipeline Co. and JBS SA, as well as software and cloud providers such as Microsoft and SolarWinds Corp., which have largely been perpetrated by cyber groups based in Russia and China.

Biden called the meeting to discuss how industry and the federal government can work together to improve cybersecurity in the face of debilitating ransomware and cyberattacks. The president urged the CEOs to make commitments on workforce development and improvements to cybersecurity in their sectors, according to a senior administration official.

Among the actions the White House has taken this year is an executive order directing federal agencies to boost security protocols and mandating cyber incident reporting from large pipeline companies. But more collaboration is needed between private companies and government, the senior official said, adding that the private sector in many cases has more authority or influence than the government to make necessary cybersecurity changes.

The White House announced the National Institute of Standards and Technology will work with industry to create a framework on improving security in the technology supply chain. It would provide guidance on how to build secure technology and review the security of products, including open source software. IBM, Microsoft, Google, Travelers Cos. Inc. and Coalition, a cyber insurance company, committed to the initiative.

Tech companies at the event announced initiatives for cybersecurity workforce training in an effort to fill the roughly 500,000 open jobs in the industry.

Cybersecurity For You & Your Business

Workforce Initiatives

Google pledged to invest more than $10 billion in three years on cybersecurity computing and software programs. Additionally, the company committed to retraining 100,000 Americans in IT support and analytics work.

As Google has faced more regulatory scrutiny, the company has rolled out several job re-training programs. Google has long had a team of engineers dedicated to spotting security holes in other companies, and more recently it has pitched security as a selling point for its cloud business.

“Leading the world in cybersecurity is critical to our national security,“ Kent Walker, Google’s global affairs chief, wrote in a blog post on Wednesday.

Apple announced it will create a program focused on supply chain security improvements. The program will include multi-factor authentication adoption, security training and incident response.

International Business Machines Corp. said it plans to train more than 150,000 people in cybersecurity skills over the next three years and will work with more than 20 Historically Black Colleges and Universities to increase its diversity in hiring.

Microsoft announced it has made $150 million available for technical assistance to federal, state and local governments with upgrading security protections and will expand cybersecurity training for community college and non-profits. The company also said it will invest $20 billion over the next five years to integrate cybersecurity into the design of its products and deliver advanced security solutions.

Amazon plans in October to release cybersecurity training materials it has developed to keep its employees and sensitive information safe from cyberattacks. The company will also allow qualified Amazon Web Services account holders to receive a multi-factor authentication device at no additional cost.

TIAA-CREF Individual & Institutional Services, LLC has partnered with NYU’s Tandon School of Engineering to provide free tuition for employees to obtain a master’s degree in cybersecurity. They’ve also developed a pilot program with the University of North Carolina Charlotte for employees to get certificates in AI data and cybersecurity.

The talent shortfall in cybersecurity spans industries. That means gaps exist in all 16 critical infrastructure sectors, like energy, health care and manufacturing — and that companies in those sectors lack the necessary personnel to adequately defend computer networks against cyberattacks, said Simone Petrella, CEO of the cybersecurity training firm CyberVista.

The cybersecurity talent portal CyberSeek — a project support by the National Initiative for Cybersecurity Education — estimates more than 464,000 cybersecurity job opening between April 2020 and March 2021.

Other Efforts

The meeting focused on ransomware, the root causes of malicious cyber activity, and how to ensure that cybersecurity is baked into technology sold by industry from the start, according to the senior official.

After the meeting with Biden, several key cabinet secretaries led three breakout sessions with the industry participants.

Homeland Security Secretary Alejandro Mayorkas and Energy Secretary Jennifer Granholm led a session on critical infrastructure resilience, with executives from the energy and water sectors. The White House announced it is expanding an Industrial Control Systems cybersecurity initiative to include natural gas pipelines. The initiative already has focused on cyber improvements in the electric utility sector.

Commerce Secretary Gina Raimondo and head of the Small Business Administration Isabella Guzman met with tech and insurance executives on improving the security of cloud and tech systems.

Chris Inglis, the U.S.’s first national cyber director, led a third session focused on cybersecurity workforce.

Anne Neuberger, the deputy national security adviser for cyber and emerging technology, and Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency, also participated.

Other participants included chief executives from banking giants Bank of America Corp. and US Bancorp; energy companies Southern Co. and Duke Energy Corp.; and water and wastewater utilities including American Water Works Co. Inc.

How Hackers Hammered Australia After China Ties Turned Sour

Electric Vehicle Infrastructure Push Brings Cyber Concerns

Hacker Claims To Steal Data Of 100 Million T-Mobile Customers

Accenture Confirms Hack After LockBit Ransomware Data Leak Threats

CIA Weighs Creating Special China Unit In Bid To Out-Spy Beijing

Israel’s Mossad Intelligence Agency Is Seeking To Hire A Crypto Expert

US Taps Amazon, Google, Microsoft, Others To Help Fight Ransomware, Cyber Threats

US Drops Visa Fraud Cases Against Five Chinese Researchers

Want To Invest In Cybersecurity? Here Are Some ETFs To Consider

How To Protect Your Online Privacy While Working From Home

What Hackers Can Learn About You From Your Social-Media Profile

Biden Administration Blames Hackers Tied To China For Microsoft CyberAttack Spree