President Biden is holding a cybersecurity summit with the chief executives of some of the U.S.’ largest technology companies following a slew of hacking incidents in the past year.
Officials from Google, Amazon, Apple, Microsoft, IBM and ADP will file into the White House on Wednesday, according to a senior Biden administration official. Representatives from the financial sector will also join the event, including JP Morgan Chase, Bank of America TIAA, and U.S. Bancorp.
Microsoft was among the roughly 100 companies and nine government agencies impacted by the SolarWinds supply chain attack first discovered last year. Earlier this year, a cyber espionage attack on Microsoft’s Exchange email server impacted hundreds of thousands of organizations worldwide, sending cybersecurity responders into a frenzy.
“We need to bake security in by design into tech, otherwise we’re pushing the cost of maintaining security to the users,” the Biden administration official said. “You’re pushing it on small companies who have got to patch. You’re putting it on older or less educated, less technically comfortable people.”
The official said ransomware is “one key focus” of Wednesday’s meeting. In May, a massive computer hack prompted Colonial Pipeline, which transports nearly half of the East Coast’s fuel supply, to shutter for 11 days. A month later, a cyberattack attributed to REvil, a Russian-speaking ransomware gang, forced the world’s largest meat processor, Brazil-based JBS, to halt cattle-slaughtering operations at 13 of its meat processing plants in the U.S.
“We’ve got to have more security,” the Biden official said. “We’ve been talking about critical infrastructure for quite some time now, saying, ‘Look, folks, don’t be the next Colonial.'”
Wednesday’s meeting comes as the Biden administration struggles to solicit information sharing from private stakeholders in the wake of such cyberattacks. For months, lawmakers have grappled with questions over whether to mandate that private companies report ransomware attacks.
Last month, a bipartisan group of senators — including Senators Mark Warner, Marco Rubio and Susan Collins — introduced a cyber bill that if passed would require federal government agencies, federal contractors and operators of critical infrastructure to notify CISA and DHS within 24 hours of “confirmation” of a cybersecurity incident.
Homeland Security Secretary Alejandro Mayorkas, Energy Secretary Jennifer Granholm and Commerce Secretary Gina Raimondo are also expected to attend Wednesday’s summit.
The official told reporters that the White House also plans to unveil a series of cybersecurity initiatives, including one focused on workforce and talent recruitment. “Even as we face this growing threat, the skilled workforce we need to meet the challenge hasn’t kept pace. There are approximately 500,000 cybersecurity jobs that are unfilled today,” the official said.
Earlier this month, Mayorkas previewed efforts to launch the Department of Homeland Security’s Cybersecurity Talent Management System, a program — seven years in the making — that will work to recruit new cybersecurity talent into the federal government.
“It’s taken too long to get here, but we are proud to have gotten this hiring effort over the finish line,” Mayorkas told an audience at the BlackHat cybersecurity convention. “Developing a top-tier, diverse cybersecurity workforce will remain a priority for us at DHS and the federal government under the Biden-Harris Administration.”
According to OMB data, the federal cybersecurity workforce is older than the U.S. labor force. Just 5.7% of the full-time federal cyber employees were under the age of 30 in September 2020, while 20% of the overall U.S. labor force in 2020 was under the age of 30.
