President Biden met with private sector and education leaders to discuss the whole-of-nation effort needed to address cybersecurity threats according to a Whitehouse press briefing. The approach will serve as a guideline to public and private entities on how to build secure technology and assess the security of technology, including open-source software. Microsoft, Google, IBM, Travelers and Coalition committed to participating in this NIST-led initiative.
Recent high-profile cybersecurity incidents demonstrate that both U.S. public and private sector entities increasingly face sophisticated malicious cyber activity. Cybersecurity threats and incidents affect businesses of all sizes, small towns and cities in every corner of the country, and the pocketbooks of middle-class families. Compounding the challenge, nearly half a million public and private cybersecurity jobs remain unfilled.
The Administration has also engaged with the private sector on the importance of prioritizing cybersecurity as a central part of their efforts to maintain business continuity. And internationally, the administration has rallied G7 countries to hold accountable nations who harbor ransomware criminals and to update NATO cyber policy for the first time in seven years.
The purpose of the meeting was to discuss opportunities to bolster the nation’s cybersecurity in partnership and individually. Several participants announced commitments and initiatives including:
- The formal expansion of the Industrial Control Systems Cybersecurity Initiative to a second major sector: natural gas pipelines. The Initiative has already improved the cybersecurity of more than 150 electric utilities that serve 90 million Americans.
- Apple announced it will establish a new program to drive continuous security improvements throughout the technology supply chain. As part of that program, Apple will work with its suppliers — including more than 9,000 in the United States— to drive the mass adoption of multi-factor authentication, security training, vulnerability remediation, event logging and incident response.
- Google announced it will invest $10 billion over the next five years to expand zero-trust programs, help secure the software supply chain and enhance open-source security. Google also announced it will help 100,000 Americans earn industry-recognized digital skills certificates that provide the knowledge that can lead to secure high-paying, high-growth jobs.
- IBM announced it will train 150,000 people in cybersecurity skills over the next three years, and will partner with more than 20 Historically Black Colleges & Universities to establish Cybersecurity Leadership Centers to grow a more diverse cyber workforce.
- Microsoft announced it will invest $20 billion over the next 5 years to accelerate efforts to integrate cyber security by design and deliver advanced security solutions. Microsoft also announced it will immediately make available $150 million in technical services to help federal, state and local governments with upgrading security protection, and will expand partnerships with community colleges and non-profits for cybersecurity training.
- Amazon announced it will make available to the public at no charge the security awareness training it offers its employees. Amazon also announced it will make available to all Amazon Web Services account holders at no additional cost, a multi-factor authentication device to protect against cybersecurity threats like phishing and password theft.
- Resilience, a cyber insurance provider, announced it will require policy holders to meet a threshold of cybersecurity best practice as a condition of receiving coverage.
- Coalition, a cyber insurance provider, announced it will make its cybersecurity risk assessment & continuous monitoring platform available for free to any organization.
- Code.org announced it will teach cybersecurity concepts to over 3 million students across 35,000 classrooms over 3 years, to teach a diverse population of students how to stay safe online, and to build interest in cybersecurity as a potential career.
- Girls Who Code announced it will establish a micro credentialing program for historically excluded groups in technology. The program will make scholarships and early career opportunities more accessible to underrepresented groups.
- University of Texas System announced it will expand existing and develop new short-term credentials in cyber-related fields to strengthen America’s cybersecurity workforce. A major part of this effort will be to upskill and reskill over 1 million workers across the nation by making available entry-level cyber educational programs through UT San Antonio’s Cybersecurity Manufacturing Innovation Institute. Credentials do not depend on traditional degree pathways, and should also contribute significantly to diversifying the pipeline.
- Whatcom Community College announced it has been designated the new NSF Advanced Technological Education National Cybersecurity Center, and will provide cybersecurity education and training to faculty and support program development for colleges to “fast-track” students from college to career. The nature of community colleges dispersed in every community in the nation makes them an ideal pipeline for increasing diversity and inclusion in the cybersecurity workforce.