President Joe Biden urged a group of chief executive officers to help improve cybersecurity across the nation’s critical infrastructure and economy, citing a lack of trained professionals to adequately protect the U.S.
“Our skilled cybersecurity workforce is not growing fast enough to keep pace,” Biden said Wednesday at a meeting with chief executives including Apple Inc.’s Tim Cook, Alphabet Inc.’s Sundar Pichai, Amazon.com Inc.’s Andy Jassy, Microsoft Corp.’s Satya Nadella, and JPMorgan Chase & Co.’s Jamie Dimon.
The meeting follows massive cyber and ransomware attacks over the past year on critical infrastructure, including that of Colonial Pipeline Co. and JBS SA, as well as software and cloud providers such as Microsoft and SolarWinds Corp., which have largely been perpetrated by cyber groups based in Russia and China.
Biden called the meeting to discuss how industry and the federal government can work together to improve cybersecurity in the face of debilitating ransomware and cyberattacks. The president urged the CEOs to make commitments on workforce development and improvements to cybersecurity in their sectors, according to a senior administration official.
Among the actions the White House has taken this year is an executive order directing federal agencies to boost security protocols and mandating cyber incident reporting from large pipeline companies. But more collaboration is needed between private companies and government, the senior official said, adding that the private sector in many cases has more authority or influence than the government to make necessary cybersecurity changes.
As part of the meeting, the White House is announcing new public-private initiatives as well as cybersecurity workforce training efforts to fill the approximately 500,000 open jobs in the industry.
Google pledged to invest more than $10 billion in three years on cybersecurity computing and software programs. Additionally, the company committed to retraining 100,000 Americans in IT support and analytics work.
As Google has faced more regulatory scrutiny, the company has rolled out several job re-training programs. Google has long had a team of engineers dedicated to spotting security holes in other companies, and more recently it has pitched security as a selling point for its cloud business.
“Leading the world in cybersecurity is critical to our national security,“ Kent Walker, Google’s global affairs chief, wrote in a blog post on Wednesday.
IBM said it plans to train more than 150,000 people in cybersecurity skills over the next three years and will work with more than 20 Historically Black Colleges and Universities to increase its diversity in hiring.
Microsoft announced it has made $150 million available for technical assistance to federal, state and local governments with upgrading security protections and will expand cybersecurity training for community college and non-profits. The company also said it will invest $20 billion over the next five years to integrate cybersecurity into the design of its products and deliver advanced security solutions.
Amazon plans in October to release cybersecurity training materials it has developed to keep its employees and sensitive information safe from cyberattacks. The company will also allow qualified Amazon Web Services account holders to receive a multi-factor authentication device at no additional cost.
TIAA-CREF Individual & Institutional Services, LLC has partnered with NYU’s Tandon School of Engineering to provide free tuition for employees to obtain a master’s degree in cybersecurity. They’ve also developed a pilot program with the University of North Carolina Charlotte for employees to get certificates in AI data and cybersecurity.
The talent shortfall in cybersecurity spans industries. That means gaps exist in all 16 critical infrastructure sectors, like energy, health care and manufacturing -- and that companies in those sectors lack the necessary personnel to adequately defend computer networks against cyberattacks, said Simone Petrella, CEO of the cybersecurity training firm CyberVista.
The cybersecurity talent portal CyberSeek -- a project support by the National Initiative for Cybersecurity Education -- estimates more than 464,000 cybersecurity job opening between April 2020 and March 2021.
The meeting focused on ransomware, the root causes of malicious cyber activity, and how to ensure that cybersecurity is baked into technology sold by industry from the start, according to the senior official.
After the meeting with Biden, several key cabinet secretaries led three breakout sessions with the industry participants.
Homeland Security Secretary Alejandro Mayorkas and Energy Secretary Jennifer Granholm led a session on critical infrastructure resilience, with executives from the energy and water sectors.
Commerce Secretary Gina Raimondo and head of the Small Business Administration Isabella Guzman met with tech and insurance executives, including from Travelers Cos. Inc., on improving the security of cloud and tech systems.
Chris Inglis, the U.S.’s first national cyber director, led a third session focused on cybersecurity workforce.
Anne Neuberger, the deputy national security adviser for cyber and emerging technology, and Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency, also participated.
Other participants includes chief executives from International Business Machines Corp. and ADP Inc. as well as from banking giants Bank of America Corp. and US Bancorp; energy companies Southern Co. and Duke Energy Corp.; and water and wastewater utilities including American Water Works Co. Inc.
© Copyright 2022 Bloomberg News. All rights reserved.