Google, IBM, tech executives unveil cybersecurity commitments at White House Summit
President Biden demanded chief executives of some of the largest technology companies in the U.S. do more to tackle the cybersecurity threat.
He spoke with officials from Google, Amazon, Apple, Microsoft, IBM, and ADP at a White House summit on Wednesday, in the wake of a slew of hacking incidents in the past year.
Representatives from the financial sector also participated, including JP Morgan Chase, Bank of America, TIAA Bank and U.S. Bancorp.
After the meeting with White House officials, Google CEO Sundar Pichai announced the search engine company will invest more than $10 billion in cybersecurity over the next five years to expand "zero-trust" programs — designed to protect digital networks by limiting user-access control — and train 100,000 Americans through a certificate program in data analytics and tech support.
"We welcomed the opportunity to participate in President Biden's White House Cyber Security Meeting today, and appreciated the chance to share our recommendations to advance this important agenda," Kent Walker, Google's Senior Vice President of Global Affairs said. He said the meeting was "timely," given the widespread cyberattacks that "continue to exploit vulnerabilities targeting people, organizations, and governments around the world."
"Most of our critical infrastructure is owned and operated by the private sector, and the federal government can't meet this challenge alone," Mr. Biden told participants at the cybersecurity summit. "I've invited you all here today because you have the power, the capacity and the responsibility, I believe, to raise the bar on cybersecurity."
Microsoft was among the roughly 100 companies and nine government agencies impacted by the SolarWinds supply chain attack first discovered last year. The incident cost cyber insurers an estimated $90 million in coverage to clients compromised by the hackers. Earlier this year, a cyber espionage attack on Microsoft's Exchange email server impacted hundreds of thousands of organizations worldwide, sending cybersecurity responders into a frenzy.
"We need to bake security in by design into tech, otherwise we're pushing the cost of maintaining security to the users," a Biden administration official told reporters. "You're pushing it on small companies who have got to patch. You're putting it on older or less educated, less technically comfortable people."
In May, a massive ransomware hack prompted Colonial Pipeline, which transports nearly half of the East Coast's fuel supply, to shutter for 11 days. A month later, a cyberattack attributed to REvil, a Russian-speaking ransomware gang, forced the world's largest meat processor, Brazil-based JBS, to halt cattle-slaughtering operations at 13 of its meat processing plants in the U.S.
"We've got to have more security," the administration official said. "We've been talking about critical infrastructure for quite some time now, saying, 'Look, folks, don't be the next colonial.'"
Wednesday's meeting piggy-backed on a months-long effort by the Biden administration to solicit information sharing from private stakeholders, following cyber incidents. For months, lawmakers have grappled with questions over whether to mandate reporting for private companies targeted by ransomware actors.
Last month, a bipartisan group of senators – including Senators Mark Warner, Marco Rubio and Susan Collins – introduced a cyber bill that if passed, would require federal government agencies, federal contractors and operators of critical infrastructure to notify CISA and DHS within 24 hours of "confirmation" of a cybersecurity incident.
IBM CEO Arvind Krishna threw his support behind the creation of voluntary public reporting on cybersecurity practices. The tech giant also committed Wednesday to training more than 150,000 people in cybersecurity skills within three years.
Apple vowed to work with its more than 9,000 suppliers in the U.S. to drive "mass adoption" of cyber hygiene practices including multi-factor authentication, security training, vulnerability remediation, event logging, and incident response.
Microsoft committed $20 billion over the next five years to kickstart integration of advanced security solutions into product design and unveiled a $150 million pot to help federal, state, and local governments with technical services, including partnerships with community colleges and non-profits for cybersecurity training.
Earlier this month, Homeland Security Secretary Alejandro Mayorkas previewed efforts to launch his department's Cybersecurity Talent Management System, a program – seven years in the making – that will work to recruit new cybersecurity talent into the federal government.
"It's taken too long to get here, but we are proud to have gotten this hiring effort over the finish line," Mayorkas told an audience at the BlackHat cybersecurity convention. "Developing a top-tier, diverse cybersecurity workforce will remain a priority for us at DHS and the federal government under the Biden-Harris Administration."
According to OMB data, the federal cybersecurity workforce is older than the U.S. labor force. Just 5.7% of the full-time federal cyber employees were under the age of 30 in September 2020, while 20% of the overall U.S. labor force in 2020 was under the age of 30.