U.S. President Joe Biden met on Wednesday with the private sector and education leaders to discuss a nationwide effort to address cyber security threats. Cybersecurity has gained significance in government, in the aftermath of several high-profile cybersecurity incidents that rocked both U.S. public and private sector entities.
“We’ve seen time and again how the technologies we rely on — from our cell phones to pipelines, to the electric grid — can become targets of ha- — hackers and criminals,” President Biden remarked. “At the same time, our skilled cybersecurity workforce has not grown fast enough to keep pace. We’re about — the estimates many of you have given us and we’ve concluded are — on our own — about a half a million cybersecurity jobs remain unfilled.”
The president also recognized that “the reality is, most of our critical infrastructure owned and operated — is owned and operated by the private sector, and the federal government can’t meet this challenge alone. So I’ve invited you all here today because you have the power, the capacity, and the responsibility, I believe, to raise the bar on cybersecurity. And so, ultimately, we got a lot of work to do,” he added.
The Biden administration has placed cybersecurity as a national security and economic security imperative while working towards prioritizing and elevating cybersecurity like never before. “Cybersecurity threats and incidents affect businesses of all sizes, small towns and cities in every corner of the country, and the pocketbooks of middle-class families,” according to a Fact Sheet released by the White House.
After the meeting with the executives, the administration announced that the National Institute of Standards and Technology (NIST) will collaborate with industry and other partners to develop a new framework to improve the security and integrity of the technology supply chain. The approach will serve as a guideline to public and private entities on how to build secure technology and assess the security of technology, including open-source software. Microsoft, Google, IBM, Travelers, and Coalition committed to participating in this NIST-led initiative.
The Biden administration also announced the formal expansion of the Industrial Control Systems Cybersecurity Initiative to a second major sector: natural gas pipelines. The initiative has already improved the cybersecurity of more than 150 electric utilities that serve 90 million Americans, the government said.
Around a month ago, President Biden set up a voluntary, collaborative effort between the federal government and the critical infrastructure community, called the Industrial Control Systems Cybersecurity Initiative, to significantly improve the cybersecurity of these critical systems.
There were various commitments made on Wednesday by the private sector. Apple announced the setting up of a new program to drive continuous security improvements throughout the technology supply chain. As part of that program, Apple will work with its suppliers, including over 9,000 in the U.S., to drive the mass adoption of multi-factor authentication, security training, vulnerability remediation, event logging, and incident response.
Google announced it will invest US$10 billion over the next five years to expand zero-trust programs, help secure the software supply chain, and enhance open-source security. Google also announced it will help 100,000 Americans earn industry-recognized digital skills certificates that provide the required knowledge that can lead to securing high-paying, high-growth jobs.
IBM announced it will train 150,000 people in cybersecurity skills over the next three years and will partner with more than 20 Historically Black Colleges & Universities to establish Cybersecurity Leadership Centers to grow a more diverse cyber workforce. Amazon announced it will make available to the public at no charge the security awareness training it offers its employees, while also making available to all Amazon Web Services (AWS) account holders at no additional cost a multi-factor authentication device to protect against cyber security threats like phishing and password theft.
Microsoft announced it will invest $20 billion over the next five years to accelerate efforts to integrate cyber security by design and deliver advanced security solutions. The Redmond, Washington-based software giant also announced it will immediately make available $150 million in technical services to help federal, state, and local governments with upgrading security protection, and will expand partnerships with community colleges and non-profits for cybersecurity training.
“The U.S. government continues to ramp up efforts to strengthen its cybersecurity, and we can expect states to continue to legislate and regulate in this area,” according to a post by law firm, J.D. Supra. “Businesses across all sectors will likely experience pressure to evaluate their data privacy and security threats and vulnerabilities and adopt measures to address their risk and improve compliance.”
The latest action by the U.S. administration follows months of cybersecurity attacks on the nation’s critical infrastructure community, including the SolarWinds supply chain attack, hack of a Florida water treatment facility, and the ransomware attack on Colonial Pipeline.
Following the May attack on Colonial Pipeline, the U.S. government released an Executive Order that will bring about decisive steps to modernize US critical infrastructure and its approach to cybersecurity by increasing visibility into threats, while employing appropriate resources and authorities. This would help maximize the early detection of cybersecurity vulnerabilities and incidents on its networks.
In April, the administration announced a 100-day plan to modernize critical electric infrastructure using cybersecurity defenses with aggressive milestones and assist owners and operators to deliver better detection, mitigation, and forensic capabilities. The plan will help meet cyber security threats faced by the nation’s electric system, apart from seeking feedback from stakeholders on protecting the critical electric infrastructure.