At the meeting, CEOs of major US companies committed to investing in cybersecurity solutions, improving the cybersecurity workforce, and offering free awareness or training programmes.
“The reality is, most of our critical infrastructure is owned and operated by the private sector, and the federal government can’t meet this challenge alone,” US President Joe Biden said on August 25 in a meeting with private sector leaders on improving the nation’s cybersecurity. “I’ve invited you all here today because you have the power, the capacity, and the responsibility, I believe, to raise the bar on cybersecurity,” he added.
The meeting shed light on how governments can work with the private sector to develop solutions to the rapidly increasing problem of cyberattacks.
Who participated in the cybersecurity meeting?
Tech companies: Google (CEO Sundar Pichai), Amazon (CEO Andy Jassy), Apple (CEO Tim Cook), Microsoft (CEO Satya Nadella), IBM (CEO Arvind Krishna), and Automatic Data Processing.
Financial institutions: JPMorgan Chase, Bank of America, TIAA, and U.S. Bancorp.
Insurance companies: Coalition, Vantage Group, Resilience, and Travelers.
Educational institutions: Code.org, University of Texas System, Tougaloo College, Girls Who Code, and Whatcom Community College.
What were the new commitments and initiatives announced?
Commitments by big tech
- Apple will work with its suppliers to improve supply chain security: Apple said that it will establish a new programme to drive security improvements throughout the technology supply chain. This includes Apple working with its suppliers to ensure “the adoption of multi-factor authentication, security training, vulnerability remediation, event logging, and incident response.”
- Google will invest $10 billion in improving cybersecurity: Google said it will invest $10 billion over the next five years to “expand zero-trust programs, help secure the software supply chain, and enhance open-source security.” It has also committed to helping 100,000 Americans earn digital skill certificates that will help them secure cybersecurity-related jobs.
- Microsoft will invest in efforts to integrate cybersecurity by design: Microsoft said that it will invest $20 billion over the next five years “to accelerate efforts to integrate cyber security by design and deliver advanced security solutions.” It also said that it will “immediately make available $150 million in technical services to help federal, state, and local governments with upgrading security protection, and will expand partnerships with community colleges and non-profits for cybersecurity training.”
- Amazon will make its internal security awareness training programme publicly available: Amazon announced that it will make the security awareness training it offers its employees free of cost to the public. It will also give all Amazon Web Services account holders a multi-factor authentication device at no additional cost.
Commitments by cyber insurance providers
“We really see insurance as a way to drive better cybersecurity practices,” – senior administration official in a press call
- Resilience will vet its customers: Resilience will require its policyholders “to meet a threshold of cybersecurity best practice as a condition of receiving coverage,” the company said.
- Coalition will make its risk assessment programme free to any organisation: Coalition announced it will “make its cybersecurity risk assessment and continuous monitoring platform available for free to any organization.”
Commitments to improve cybersecurity workforce
“Our skilled cybersecurity workforce has not grown fast enough to keep pace […] half a million cybersecurity jobs remain unfilled.” – President Biden
- IBM will work on increasing and diversifying the cybersecurity workforce: IBM announced it will train 150,000 people in cybersecurity skills over the next three years. It will also partner with more than 20 historically black colleges and universities to establish cybersecurity centers there to create a more diverse workforce.
- Code.org will teach cybersecurity concepts to over 3 million students: Online computer science education platform Code.org said that it “will teach cybersecurity concepts to over 3 million students across 35,000 classrooms over 3 years.” In addition to teaching students how to stay safe online, it will also build interest in cybersecurity as a potential career, the platform said.
- Girls Who Code will make learning resources accessible to historically excluded groups: Girls Who Code, a nonprofit working to increase the number of women in computer science, will “establish a micro-credentialing program for historically excluded groups in technology”, the organisation said. It will also make scholarships and early career opportunities more accessible to these groups.
- University of Texas will expand its education offerings in cyber-related fields: The University of Texas announced it will “expand existing and develop new short-term credentials in cyber-related fields to strengthen America’s cybersecurity workforce.” This effort includes upskilling and reskilling over 1 million workers across the nation with entry-level programmes offered by UT San Antonio’s Cybersecurity Manufacturing Innovation Institute.
- Whatcom Community College will use its new cybersecurity centre to provide education and training to faculty and support other colleges: Whatcom Community College said that it has been designated the new National Science Foundation Advanced Technological Education National Cybersecurity Center and it will “provide cybersecurity education and training to faculty and support program development for colleges to “fast-track” students from college to career.”
Commitments by the government
- New guidelines for public and private entities on building secure technology: The US government announced that the National Institute of Standards and Technology (NIST) will develop a new framework that will serve as a guideline to public and private entities on how to build secure technology and assess the security of technology, including open-source software. Microsoft, Google, IBM, Travelers, and Coalition will help NIST with developing this framework.
- Bringing natural gas under the Industrial Control Systems Cybersecurity Initiative: The US government is expanding the Industrial Control Systems Cybersecurity Initiative to cover a second major sector: natural gas. Previously, the initiative covered and improved the cybersecurity of more than 150 electric utilities, the government said.
What else is the US doing to strengthen cybersecurity?
Cybersecurity policy overhaul: This latest meeting builds on the many other cybersecurity initiatives launched by the US in recent months. Most significantly, in May this year, the US President signed an executive order, which initiated a major overhaul to the nation’s cybersecurity policy. The order focuses on the following key policy changes:
- Improving threat information sharing between government and the private sector
- Modernisation of federal government’s cyber defenses and adoption of cloud technologies
- Enhancing software supply chain security by establishing baseline standards and providing security ratings
- Establishing a Cybersecurity Safety Review Board to learn from cybersecurity incidents
- Standardising response to cybersecurity incidents across government bodies
- Improving detection of cybersecurity incidents on government networks
- Improving investigative and remediation capabilities
National Security Memorandum: In July, the US government issued a National Security Memorandum on improving cybersecurity for critical infrastructure control systems. The memorandum:
- Establishes the Industrial Control Systems Cybersecurity Initiative with the primary objective of defending critical infrastructure
- Establishes cybersecurity performance goals that outline the government’s expectations for owners and operators of critical infrastructure.
International engagement: The US government said that it is working with G7 countries to hold accountable nations that harbor ransomware criminals and that it has updated the NATO cyber policy for the first time in seven years. In his address, Biden added that he also had a meeting with Russian President Vladimir Putin where he made clear that the US expects him to hold ransomware criminals accountable.