Two weeks ago, President Biden held a cybersecurity summit at the White House, where a raft of public and private initiatives were announced to improve the nation’s cybersecurity posture. CEOs of major technology companies, including Alphabet, Amazon, Apple and Microsoft, as well as banks, insurers and educational institutes were in attendance. Held under the shadow of recent devastating cyberattacks linked to foreign adversaries, Biden framed the summit as a call to the private sector to help combat these threats, declaring that “the federal government can’t meet this challenge alone.” The new initiatives focus on protecting the technology supply chain, expanding utility infrastructure security, and growing the national cybersecurity workforce.
Strengthening Links in the Supply Chain
Major supply chain attacks, such as the Kaseya and SolarWinds hacks, have highlighted the risk organizations face from their own IT vendors and service providers. A successful attack on a prominent vendor can potentially compromise hundreds or thousands of downstream customers. The White House has instructed the National Institute of Standards and Technology (NIST), in partnership with private sector technology and insurance companies, to develop a framework for securing the technology supply chain. Though details are currently scant, this framework is expected to focus specifically on software supply chain vulnerabilities. Apple and Google also announced programs to improve supply chain security through the promotion of multi-factor authentication, vulnerability remediation, open-source software security and zero trust principles.
Securing Critical Infrastructure
In a move clearly prompted by the ransomware attack on the Colonial Pipeline, the Biden Administration is also expanding its Industrial Control Systems Cybersecurity Initiative into the natural gas sector. The initiative, now covering electric utilities and natural gas pipelines, seeks to harden critical national infrastructure against future attacks.
Educating a Cybersecurity Workforce
Building up the country’s cybersecurity workforce to meet acute demand is another key goal of the summit. IBM plans to train 150,000 cybersecurity workers and, along with Microsoft, pledged to partner with colleges and non-profits to promote educational opportunities in the field. Several educators, including Code.org, Girls Who Code, the University of Texas System and Whatcom Community College, also announced training programs intended to expand and diversify the pool of cybersecurity professionals.
Raising the Bar
In his remarks on the summit, President Biden exhorted companies to “raise the bar on cybersecurity.” All organizations, whether public or private, have a role to play in supporting the nation’s cyber defense. By improving your organization’s cybersecurity posture, you are not only protecting yourself but also helping to make the country safer and stronger.