Major tech groups commit to array of cybersecurity actions following White House meeting

The federal government and several major technology companies on Wednesday announced they are taking a host of steps to enhance the nation’s cybersecurity, specifically focused on growing the cyber workforce and investing billions of dollars in the field. 

The announcements followed a meeting on cybersecurity at the White House with President Biden and key members of his administration on cybersecurity, and on the heels of months of high-profile cyberattacks.

Biden met with officials of over two dozen groups from a range of fields, including the leaders of Alphabet, Amazon, Apple, IBM, Microsoft, Bank of America, JPMorgan, Duke Energy, PG&E, Travelers insurance, and the University of Texas System. 

Following the meeting, several of the companies announced massive cybersecurity funding commitments, including Microsoft, which said that it would commit $20 billion over the next five years to help integrate cybersecurity into products and advance cybersecurity solutions. It is also establishing a $150 million program to provide federal, state and local governments with funds to enhance cybersecurity. 

In addition, Google announced a major investment of $10 billion over the next five years to strengthen cybersecurity, pledging an additional $100 million to support third-party security groups, while Amazon announced it would begin offering free security awareness training to the public in October.  

Biden stressed the need to focus on strengthening the nation’s cybersecurity workforce in his comments kicking off the meeting Wednesday, noting that “half a million” cybersecurity positions are currently unfilled and describing this as a “real opportunity.” 

“The reality is, most of our critical infrastructure is owned and operated by the private sector, and the federal government can’t meet this challenge alone,” Biden said. “I have invited you all here today because you have the power, the capacity, and the responsibility I believe to raise the bar on cybersecurity, and so ultimately we’ve got a lot of work to do.”

The set of actions strongly emphasized enhancing the cybersecurity workforce. 

IBM pledged to train 150,000 individuals in cybersecurity skills over the next three years, and diversify the process through establishing cybersecurity leadership centers at 20 Historically Black Colleges and Universities.  

Microsoft announced it planned to expand partnerships with community colleges and non-profits to bolster cybersecurity training, while Google set a goal to enhance the skills of 10 million Americans from basic to advanced by 2023.  

Educational groups are also taking action, with Code.org announcing that it will work to teach cybersecurity concepts to 3 million students over the next three years, and Girls Who Code promising to establish a micro credentialing program targeting those historically excluded from the technology field.  

“No private company can face this monumental challenge alone,” IBM Chairman and CEO Arvind Krishna wrote as part of a LinkedIn post announcing his company’s actions. “Now is the time for the public and private sectors to step up their collective efforts to improve our nation’s cybersecurity for decades to come.”

The federal government took action as well, with the White House announcing that the Biden administration was expanding its industrial control systems cybersecurity program to strengthen natural gas pipelines against cyberattacks. 

Additionally, the National Institute of Standards and Technology (NIST) will work with industry partners to develop a new framework for improving cybersecurity of technology supply chains, and the Department of Homeland Security (DHS) is set to establish a Cybersecurity Talent Management System to modernize recruitment and retention of employees. 

Biden hinted Wednesday of a potential announcement from the White House on ransomware attacks, noting that “my team is hosting a meeting bringing together 30 of the nations, 30 nations to step up in their fight against ransomware.” A spokesperson for the White House did not respond to The Hill’s request for more details on this meeting.  

The meeting Wednesday included breakout sessions following the full meeting with Biden led by top administration officials including DHS Secretary Alejandro Mayorkas, Energy Secretary Jennifer Granholm, Commerce Secretary Gina Raimondo, and White House National Cyber Director Chris Inglis. 

The meeting came after months of massive cyberattacks on both public and private groups, with the Biden administration forced to make enhancing cybersecurity a priority since Biden’s first day in office.

These attacks have included the SolarWinds hack, in which Russian-government backed hackers breached nine U.S. federal agencies and 100 private sector groups for most of 2020 to conduct espionage operations. Biden levied sanctions on Russia for the breach in April. 

In addition, the administration formally called out the Chinese government last month for its involvement in exploiting vulnerabilities in Microsoft’s Exchange Server email application earlier this year, potentially compromising thousands of companies. 

Ransomware attacks have been an increasingly serious concern for the administration as well, following attacks this year on Colonial Pipeline, meat producer JBS USA, and software company Kaseya. 

White House press secretary Jen Psaki stressed Wednesday the need for both the federal government and the private sector to work together to address the increasing cyber threats. 

“We have worked in partnership with some to address these cyber breaches, and also there is an impact on the American public in many cases,” Psaki told reporters during the daily press briefing. “Our view has long been that it is a combined responsibility of the federal government to put in place clear guidelines, clear best practices, and the private sector to take steps to harden their own cybersecurity.”