On Aug. 25, President Joe Biden met with private-sector tech giants, such as Google and Apple, and education leaders to discuss the whole-of-nation effort and workforce training needed to address cybersecurity threats. Some of the technology companies pledged billions of dollars to support cybersecurity initiatives.
According to the White House, recent high-profile cybersecurity incidents demonstrate that both U.S. public- and private-sector entities increasingly face sophisticated malicious cyber activity. Cybersecurity threats and incidents affect businesses of all sizes, small towns and cities in every corner of the country, and the pocketbooks of middle-class families.
Biden said, “We’ve seen time and again how the technologies we rely on—from our cell phones to pipelines, to the electric grid—can become targets of hackers and criminals.”
Compounding the challenge, Biden noted that nearly half-a-million public and private cybersecurity jobs remain unfilled.
“[O]ur skilled cybersecurity workforce has not grown fast enough to keep pace,” Biden said. “That’s a challenge, but it also is a real opportunity.”
According to the White House, cybersecurity is a national security and economic security imperative for the Biden Administration. For example, Biden issued an Executive Order in May that modernizes federal government defenses and improves the security of technology. To secure critical infrastructure, this spring the Biden Administration launched a 100-day initiative to improve cybersecurity across the electric sector, with others to follow. In July, the president issued a National Security Memorandum establishing voluntary cybersecurity goals outlining expectations for owners and operators of critical infrastructure.
The Administration has also engaged with the private sector on the importance of prioritizing cybersecurity as a central part of their efforts to maintain business continuity. And internationally, the Biden Administration has rallied G7 countries to hold accountable nations who harbor ransomware criminals and to update NATO cyber policy for the first time in seven years.
According to the White House, the purpose of the Aug. 25 meeting was to discuss opportunities to bolster the nation’s cybersecurity in partnership and individually.
Biden said, “The reality is, most of our critical infrastructure is owned and operated by the private sector, and the federal government can’t meet this challenge alone.”
He said the private-sector companies “have the power, the capacity, and the responsibility, I believe, to raise the bar on cybersecurity.”
Biden added, “Ultimately, we got a lot of work to do.”
According to the White House, several participants in the Aug. 25 meeting announced commitments and initiatives including:
The Biden Administration announced that the National Institute of Standards and Technology (NIST) will collaborate with industry and other partners to develop a new framework to improve the security and integrity of the technology supply chain. The approach will serve as a guideline to public and private entities on how to build secure technology and assess the security of technology, including open-source software. Microsoft, Google, IBM, Travelers, and Coalition committed to participating in this NIST-led initiative.
The Biden Administration also announced the formal expansion of the Industrial Control Systems Cybersecurity Initiative to a second major sector: natural gas pipelines. It’s estimated the initiative has already improved the cybersecurity of more than 150 electric utilities that serve 90 million Americans.
Apple announced it will establish a new program to drive continuous security improvements throughout the technology supply chain. As part of that program, Apple will work with its suppliers—including more than 9,000 in the United States—to drive the mass adoption of multi-factor authentication, security training, vulnerability remediation, event logging, and incident response.
Google announced it will invest $10 billion over the next five years to expand zero-trust programs, help secure the software supply chain, and enhance open-source security. Google also announced it will help 100,000 Americans earn industry-recognized digital skills certificates that provide the knowledge that can lead to securing high-paying, high-growth jobs.
IBM announced it will train 150,000 people in cybersecurity skills over the next three years, and will partner with more than 20 Historically Black Colleges & Universities to establish Cybersecurity Leadership Centers to grow a more diverse cyber workforce.
Microsoft announced it will invest $20 billion over the next 5 years to accelerate efforts to integrate cybersecurity by design and deliver advanced security solutions. Microsoft also announced it will immediately make available $150 million in technical services to help federal, state, and local governments with upgrading security protection, and will expand partnerships with community colleges and non-profits for cybersecurity training.
Amazon announced it will make available to the public at no charge the security awareness training it offers its employees. Amazon also announced it will make available to all Amazon Web Services account holders at no additional cost, a multi-factor authentication device to protect against cybersecurity threats like phishing and password theft.
Resilience, a cyber insurance provider, announced it will require policy holders to meet a threshold of cybersecurity best practices as a condition of receiving coverage.
Coalition, a cyber insurance provider, announced it will make its cybersecurity risk assessment and continuous monitoring platform available for free to any organization.
Code.org announced it will teach cybersecurity concepts to over 3 million students across 35,000 classrooms over 3 years, to teach a diverse population of students how to stay safe online and to build interest in cybersecurity as a potential career.
Girls Who Code announced it will establish a micro credentialing program for historically excluded groups in technology. The program will make scholarships and early career opportunities more accessible to underrepresented groups.
University of Texas System announced it will expand existing and develop new short-term credentials in cyber-related fields to strengthen America’s cybersecurity workforce. A major part of this effort will be to upskill and reskill over 1 million workers across the nation by making available entry-level cyber educational programs through UT San Antonio’s Cybersecurity Manufacturing Innovation Institute. Credentials do not depend on traditional degree pathways and should also contribute significantly to diversifying the pipeline.
Whatcom Community College announced it has been designated the new NSF Advanced Technological Education National Cybersecurity Center, and will provide cybersecurity education and training to faculty and support program development for colleges to “fast-track” students from college to career. According to the White House, the nature of community colleges dispersed in every community in the nation makes them an ideal pipeline for increasing diversity and inclusion in the cybersecurity workforce.