WASHINGTON — The US government on Wednesday said it would work with industry to hammer out new guidelines to improve the security of the technology supply chain, as President Joseph R. Biden, Jr., appealed to private sector executives to “raise the bar on cybersecurity.”
At White House meetings with Mr. Biden and members of his Cabinet, executives from Big Tech, the finance industry, and infrastructure companies said they would do more about the growing threat of cyber attacks to the US economy.
“The federal government can’t meet this challenge alone,” Mr. Biden told the masked executives in the East Room, telling them, “You have the power, the capacity and the responsibility, I believe, to raise the bar on cybersecurity.”
After the meeting, the White House said the National Institute of Standards and Technology (NIST) would work with industry and other partners on new guidelines for building secure technology and assessing the security of technology, including open source software.
Microsoft, Google, Travelers, and Coalition, a cyber insurance provider, among others, committed to participating in the new NIST-led initiative.
Cybersecurity has risen to the top of the agenda for the Biden administration after a series of high-profile attacks on network management company SolarWinds Corp, the Colonial Pipeline company, meat processing company JBS and software firm Kaseya. The attacks hurt the United States far beyond just the companies hacked, affecting fuel and food supplies.
“We have a lot of work to do,” Mr. Biden said, citing both ransomware attacks and his push to get Russian President Vladimir Putin to hold Russian-based cyber gangs responsible, and the need to fill nearly half a million public and private cybersecurity jobs.
The guest list included Amazon.com Inc. CEO Andy Jassy, Apple Inc. CEO Tim Cook, Microsoft CEO Satya Nadella, Google’s parent Alphabet Inc. CEO Sundar Pichai, and IBM Chief Executive Arvind Krishna.
After the meeting, Amazon said it would make its cybersecurity training available to the public for free, and it would give multi-factor authentication devices to some cloud computing customers, starting in October.
Microsoft said it will invest $20 billion over five years, a four-fold increase from current rates, to speed up its cyber security work, and make available $150 million in technical services to help federal, state and local governments to help keep their security systems up to date.
IBM said it will train more than 150,000 people in cybersecurity skills over three years and will partner with historically black colleges and universities to create a more diverse cyber workforce.
Google said it was devoting $10 billion to cybersecurity over the next five years, but it was not immediately clear what if any of the figure represented new spending. It also said it would help 100,000 Americans earn industry-recognized digital skills certificates that could lead to high-paying jobs.
Vishaal Hariprasad, CEO of Resilience Cyber Insurance Solutions, told Reuters his company would work with the government on setting clear standards for cybersecurity, and would require policy holders to meet those standards.
“So, if a company is willing to adhere to the minimum standards, they’ll have insurance, and if not, they’ll have to identify those gaps so they can get to that baseline,” he said.
“It’s not just about getting our companies safer, but also ensuring that we’re doing something to address the bad guys.”
Congress is weighing legislation on data breach notification laws and cybersecurity insurance industry regulation, historically viewed as two of the most consequential policy areas within the field.
Executives for energy utility firm Southern Co and JPMorgan Chase & Co. also attended the event.
The event featured top cybersecurity officials from the Biden administration, including National Cybersecurity Director Chris Inglis and Secretary of Homeland Security Alejandro Mayorkas. —