By Cat Zakrzewski, Joseph Marks
President Biden on Wednesday is expected to meet with the chief executives of Apple, Google, JPMorgan Chase and other prominent business leaders in what the White House describes as a “call to action” to pressure top tech companies, banks and utility providers to adopt stronger cybersecurity protections.
Biden, along with key members of his Cabinet and national security officials, will seek to address the “root causes of any kind of malicious cyber activity,” a senior administration official told reporters, amid a devastating wave of high-profile attacks.
Topics on the agenda include ransomware, the shortage of cybersecurity professionals and building software and devices with default security protections. The administration is also expected to press firms in critical sectors, such as water and energy, to improve their protections to prevent a repeat of the Colonial Pipeline hack, which in May disrupted fuel supplies in the eastern United States, the official told reporters.
The administration and companies in attendance are also slated to announce commitments later on Wednesday related to these topics.
Apple CEO Tim Cook, Amazon CEO Andy Jassy, JPMorgan Chase CEO Jamie Dimon and chief executives from major insurance, energy and water companies are expected to attend, according to a list provided by the White House. Representatives from nonprofit organizations focused on computer science education, including Code.org, and several colleges are also invited to discuss efforts to bolster the cybersecurity workforce, as about 500,000 U.S. cybersecurity jobs remain vacant. (Amazon founder Jeff Bezos owns The Washington Post.)
Amid a scourge of ransomware attacks and other hacks hitting businesses nationwide, the meeting marks one of the most high-profile displays of the Biden administration’s mounting pressure campaign on companies across economic sectors to do more to shore up their systems against cyberattacks. The gathering, which the White House first announced last month, highlights a growing recognition of the key role companies have to play in defending the United States against major cyberattacks, predominantly by bolstering their own defenses.
“The federal government can’t solve this complex, growing international challenge alone, and we can’t do it overnight,” said the senior administration official, who spoke on the condition of anonymity because the official was not authorized to speak publicly in advance of the meeting. “The public and private sectors must meet this moment together, and the American people are counting on us.”
The official signaled that Wednesday’s meeting would be just the beginning of Biden’s outreach to the private sector, saying this won’t be Biden’s “last engagement” on these issues.
Biden has been dogged by cybersecurity crises, taking office just weeks after a far-reaching Russian hacking campaign on federal agencies and prominent companies, including Microsoft, came to light. In the months since his inauguration, the administration has scrambled to respond to blockbuster ransomware attacks that have hit schools, meat processors, local governments and small businesses, in addition to the Colonial Pipeline.
The administration has taken a number of steps to shore up critical industries in response, including creating a voluntary program that outlines how energy, transportation and agriculture companies should protect themselves against digital attacks. And the White House earlier this summer mandated that pipelines adopt specific protections to prevent ransomware attacks.
That threat of regulation could be a driving force behind companies’ attendance at the summit and willingness to partner with the administration on key initiatives.
“We’ve had a decade or more for industry to do voluntary [cyber] standards and it hasn’t emerged,” Michael Daniel, the president of Cyber Threat Alliance and a former White House cyber coordinator during the Obama administration, said in an interview. “So I think the government saying, ‘Look, we’ve got to get serious about this and either you guys need to do it or we have to look at mandatory approaches,’ is an appropriate place to be.'”
After a meeting with the president, industry officials will meet in breakout sessions. Homeland Security Secretary Alejandro Mayorkas and Energy Secretary Jennifer Granholm will meet with energy, financial and water companies to discuss the resilience of critical infrastructure. National Cyber Director Chris Inglis will lead the meeting with education leaders about the shortage of cybersecurity workers, and Commerce Secretary Gina Raimondo will meet with tech and insurance executives about building long-term cybersecurity.
“We need to transition to where technology is built securely by default, we bake in security by design,” the White House official said. “We don’t buy a car and then buy the air bag separately. We need to know we’re buying secure tech.”
The Washington Post