White House, Private Firms Meet Over National Cybersecurity

Senior federal officials met with education, insurance, critical infrastructure and technology organizations to talk about expanding the cybersecurity workforce, defending essential systems and designing more secure tech products.

President Biden and other high-level federal officials meet today to discuss improving the nation’s cybersecurity with top members of utilities, insurers, computer science education groups and technology firms. The talks are intended to center on three core weaknesses that leave individuals and organizations at greater risk of falling to cyber attack, a senior administration official said in a White House press briefing.

Attendees’ discussions are expected to focus on expanding the cybersecurity workforce to sate unmet demand for talent, encouraging critical infrastructure providers to enhance their defenses against ransomware and pushing vendors to infuse greater security into their offerings.

The senior White House official said that the Aug. 25 sessions are an opportunity for attendees to air ideas and examine various approaches to incentivize change. Officials also expect to obtain “specific commitments” from companies, and small group breakout sessions are intended to see public- and private-sector officials pin down clear next steps for better protecting the nation.

CYBER WORKFORCE


Public and private organizations struggle to improve their defenses when they simply don’t have enough staff to do the work, and the White House estimates that 500,000 cybersecurity positions remain unfilled.

National Cyber Director Chris Inglis is scheduled to discuss the issue in a breakout session with representatives from higher education institutions and grade school-focused nonprofits. These include Girls Who Code and Code.org, as well as the University of Texas System, Tougaloo College and Whatcom Community College.

CRITICAL INFRASTRUCTURE


Department of Homeland Security Secretary Alejandro Mayorkas and Department of Energy Secretary Jennifer Granholm are meeting in turn with representatives of energy, financial and water sectors to discuss improving the resilience of critical infrastructure.

Mayorkas highlighted this issue when he outlined a series of planned cybersecurity sprints earlier this year. At the time, he evoked the incident at the Oldsmar, Fla., water treatment facility as a testimony to what’s at stake and named improving the resilience of industrial control systems as the focus of this third sprint, which is scheduled for this summer.

Members of JP Morgan Chase, Bank of America, TIAA and U.S. Bancorp will represent the financial sector, according to the White House press release. Electric and water sector attendees were not identified.

SECURING TECHNOLOGY PRODUCTS


The White House also wants technology companies to ensure their products are secure before releasing them, rather than relying on patches and advice issued later to shore up issues.

Designing offerings with security more in mind would mean that final products provide fewer opportunities for bad actors to slip in during the time before the vulnerabilities are repaired. The senior official also said it would reduce demands on customers to keep up with the updates and defend themselves. Small businesses in particular can be burdened by having to install security patches, the official said, and residents who are less comfortable online are especially likely to be put at risk from insecure products.

“We need to bake security in by design into tech, otherwise we’re pushing the cost of maintaining security to the users,” the senior administration official said.

Department of Commerce Secretary Gina Raimondo and Small Business Administration leader Isabella Guzman will tackle this topic in a breakout session titled “Building Enduring Cybersecurity.” They are slated to meet with insurance sector representatives from Coalition, Vantage Group, Resilience and Travelers as well as members of technology firms. ADP, Apple, Amazon, Google, IBM and Microsoft are also scheduled to participate.

LEVERS FOR CHANGE


Meetings that focus only on discussing ideas are unlikely to produce change, so federal officials must also determine how they can best push private partners to turn these recommendations into action. Biden administration officials have tended to avoid jumping straight to regulations and have instead been willing thus far to test a variety of motivational levers.

Biden’s May executive order made an appeal to companies’ bottom lines by restricting federal procurement to only those vendors that meet certain security standards, and the senior administration official said meeting-goers are expected to discuss how insurance plans can also encourage firms to improve cyber hygiene.

New regulations seem to still be on the table, however. A late-July White House memorandum encouraged critical infrastructure operators to voluntarily adopt certain security improvements, and the senior administration official implied these measures could become obligatory.

“[The memorandum] said, ‘these are the voluntary cybersecurity goals that outline our expectations for owners and operators of critical infrastructure,’” the official said. “And then we want to work with the private sector and Congress to ensure these standards are adopted across the board.”