3rd Party Risk Management , Business Continuity Management / Disaster Recovery , Cybercrime
White House Tech Meeting: Focus on Critical Infrastructure
Administration Official: Gathering Will Also Address Hiring More Security ProsThe Biden administration is hosting a White House meeting Wednesday with a number of technology, banking, insurance and education executives to focus on cybersecurity and national security issues, such as protecting critical infrastructure from attacks and how to hire more security professionals to meet growing demand.
See Also: SIEM Wishlist: Top 5 Reasons Security Teams Can’t Wait to Upgrade
The meeting, which will include Microsoft CEO Satya Nadella, Amazon CEO Andy Jassy, Google CEO Sundar Pichai, Apple CEO Tim Cook and IBM CEO Dr. Arvind Krishna, along with several others, will primarily address the need for more public-private partnerships to strengthen cybersecurity within America's critical infrastructure, such as water treatment facilities, the national electrical grid and oil and gas infrastructure, a senior administration official says.
"Both U.S. public and private sector entities are facing increasingly sophisticated malicious cyber activity, which includes businesses small and large, small towns and cities in every corner of the country," says a senior administration who spoke on the condition of anonymity.
Besides enhancing cybersecurity around critical infrastructure, which has been a focus of the Biden administration following a series of ransomware attacks earlier this year on Colonial Pipeline and other U.S. businesses, the White House meeting will focus on what the government and the private sector can do to hire more security professionals.
The senior administration official cited a statistic from Cyber Seek, a job-tracking database developed by the Department of Commerce, which estimates there are 465,000 open cybersecurity positions nationwide, including approximately 36,000 open cyber jobs at federal, state and local government agencies.
"The federal government can't solve this complex growing international challenge alone and we can't do it overnight … we're sincere when we say cybersecurity is a matter of national security and the government and public sectors must meet this moment together," the senior administration official says.
Biden's View
Speaking to reporters before the White House meeting began at 2 p.m. Eastern, President Joe Biden touted some of his administration's recent cyber initiatives, including the May executive order requiring federal agencies to revamp their security defenses, including adopting "zero trust" strategies and only purchasing software that meets certain security standards, as well as new guidelines for operators of interstate gas and oil pipelines.
"We've seen time and again how the technologies we rely on - cell phones, and pipelines and the electric grid - can become targets of criminals. At the same time, our skilled cybersecurity workforce has not grown fast enough to keep pace … about half a million cybersecurity jobs remain unfilled," Biden said, adding that his administration has also worked with allies such as NATO to address nation-state attacks and international cybercrime.
Beyond Tech
While Wednesday's event was promoted as a meeting between the White House and Silicon Valley tech executives to discuss cybersecurity, the senior administration official says the gathering will also include input from the banking, insurance, critical infrastructure and education sectors.
Other participants will include JPMorgan Chase CEO Jamie Dimon and Bank of America CEO Brian Moynihan from the financial sector; Travelers CEO Alan Schnitzer and Resilience CEO Vishaal Hariprasad from the insurance sector, representatives from critical infrastructure companies such as American Water, ConocoPhillips, Duke Energy and PG&E; and leaders from institutions such as the University of Texas System, Tougaloo College and others from the education sector.
The group will hear from Biden as well as several senior officials and cabinet secretaries, including National Cyber Director John "Chris" Inglis, Department of Homeland Security Secretary Alejandro Mayorkas and Cybersecurity and Infrastructure Security Agency Director Jen Easterly.
When asked about the inclusion of financial services, insurance and critical infrastructure executives, the senior administration official notes that their participation meshes with the administration's objectives. For example, the cybersecurity executive order Biden signed in May will require any company doing business with the federal government to invest in or create software that meets security standards (see: Biden's Cybersecurity Executive Order: 4 Key Takeaways).
The government also is calling on businesses, such as those in the oil and gas sector, to provide input about new regulations, such as those announced in July by the Department of Homeland Security and the Transportation Security Administration for firms that operate interstate pipelines (see: TSA Issues Cybersecurity Requirements for Pipelines).
"What we're working to do is really pick carefully the sectors and the leaders who we say, 'We need you. The critical services of this country need you.' And we need to transition to where technology is truly - by default - created with security baked in by design," the senior administration official says.
The official also notes that the White House is meeting with companies now, when most cybersecurity standards and regulations are still voluntary, so that they can have a say before Congress considers issuing mandates.
"We're going to work to make sure that these standards are adopted across the board because we, as the government, owe that to the citizens we serve, but we'd love for you to go ahead and get moving," the senior administration official says. "You [the private sector] have a voice in the way we run the process for establishing the performance controls and with establishing the standards."
Phil Reitinger, the president and CEO of the Global Cyber Alliance, notes that meetings such as the one taking place Wednesday seldom produce long-term results to improve security.
"This sort of public event is generally more about demonstrating focus and concern as opposed to making progress on substantive issues," says Reitinger, who formerly served as the director of the National Cyber Security Center within the Department of Homeland Security. "And some of the things I have read about the meeting, including that a focus will be on 'more public-private partnerships to strengthen cybersecurity,' fill me with despair. We don't need more partnerships; we need more effective partnerships."
Ransomware
The senior administration official also notes that some of the meetings between these executives and the Biden administration will focus on specific cybersecurity issues, such as ransomware, which has been a high-profile concern since the president took office in January and was a key topic at Biden's June summit meeting with Russian President Vladimir Putin (see: Analysis: The Cyber Impact of Biden/Putin Summit Meeting).
"So ransomware will be part of the discussion, but we really wanted to take a broader look at various kinds of malicious cyber activity, and what we can practically do about it," the official says, adding that the administration continues to hold talks with its Russian counterparts about cybercriminal activity within that country's borders.
Tom Kellermann, the head of cybersecurity strategy for VMware and a member of the Cyber Investigations Advisory Board for the U.S. Secret Service, says that the White House should have expanded the group to include others in cybersecurity and that more of the meeting should focus on ransomware specifically.
"The primary focus of the meeting was to thwart ransomware. Without a proportionate cyber response from U.S. Cyber Command against the Russian-linked cyber cartels, fighting ransomware will continue to be an arms race," Kellermann says.