Business leaders from key sectors of the economy pledged to help harden the country against cyberattacks on Wednesday following a meeting with President Joe Biden at the White House, where he described cybersecurity as a “core national security challenge” and cited recent high-profile attacks on US businesses that have disrupted life for everyday Americans.
The hours-long cybersecurity summit marked the Biden administration’s most visible engagement yet with private sector leaders amid a wave of ransomware and other cyberattacks that have ratcheted up tensions with US adversaries and prompted the President to issue an executive order in May shoring up federal IT security.
“We’ve seen time and again how the technologies we rely on, from our cell phones to pipelines, the electric grid, can become targets of hackers and criminals,” Biden said in opening remarks to gathered CEOs from Silicon Valley, the water and energy sectors, the banking and insurance industries and academic institutions, who all wore masks at the in-person event.
A senior administration official described this week’s meeting to reporters as a “call to action” for the private sector, which is composed of thousands of businesses that may lack the know-how or the resources to fend off hackers on their own.
In response, tech giants including Google and IBM committed Wednesday to training hundreds of thousands of cybersecurity experts in the coming years to help fill what the US government estimates is half a million open jobs in the security industry.
Google said it would spend $10 billion on cybersecurity initiatives. IBM added it would begin offering more widely a secure backup service that is already being used by critical infrastructure operators. Microsoft said it would spend $20 billion over five years on cybersecurity initiatives, and pledged $150 million in support for federal, state and local governments seeking to upgrade their security. And Amazon’s cloud computing division said it would provide free multi-factor authentication devices to US customers who spend at least $100 a month on average on Amazon Web Services.
Apple said it would encourage its suppliers to boost their cybersecurity by using multi-factor authentication and better logging, a move that could enhance the cybersecurity of Apple’s supply chain. More than 9,000 of Apple’s suppliers are located in the United States, according to a fact sheet from the administration.
The National Institute of Standards and Technology will work with Microsoft, Google and the insurance industry companies Travelers and Coalition to create a new framework designed to help guide the creation of more secure technology products and to audit the security of technology products, the administration said in the fact sheet.
And a program the Biden administration launched this year to improve the real-time network monitoring of electricity companies will now expand to include natural gas companies, the White House fact sheet said.
Meanwhile, educational institutions including the University of Texas and Girls Who Code announced new accelerated or minority-focused cybersecurity credentialing programs.
Participants in Wednesday’s meeting discussed how they could reshape their industries to enhance user security by default and en masse. Some likened the effort to the standardization of automotive seat belts and airbags, according to a senior administration official. Insurance providers could use incentives and mandatory requirements to nudge customers in the right direction, some of the participants said, according to the official, while others suggested tougher application of financial regulation on cryptocurrencies to limit the rewards associated with launching ransomware attacks.
Following the meeting, cyber insurance provider Resilience said it would require customers to meet a minimum standard of cybersecurity in order to receive coverage, and Coalition said it would donate access to its cyber risk assessment platform to any organization.
The Biden administration has grappled with the limits of its authority to answer the rise in cyberattacks, a problem that affects a broad range of businesses the White House cannot directly regulate.
While the US government has rolled out mandatory data breach reporting requirements for certain sectors such as pipelines, and is increasingly using its procurement power to shape the cybersecurity practices of federal contractors, officials and experts say the White House lacks the authority to order more stringent measures like the use of two-factor authentication in private networks.
As a result, the Biden administration has tried to encourage private industry to take action voluntarily in defense of US networks.
Wednesday’s summit reflects the latest in that strategy.
“The reality is, most of our critical infrastructure is owned and operated by the private sector, and the federal government can’t meet this challenge alone,” Biden said. “So I’ve invited you all here today because you have the power, the capacity and the responsibility, I believe, to raise the bar on cybersecurity.”
This story has been updated with responses from tech companies.
Allie Malloy and Maegan Vazquez contributed to this report.