President Joe Biden called on the leaders of prominent businesses including Apple, Google and JPMorgan Chase to do more to respond to cybersecurity threats during a meeting Wednesday at the White House.
“The reality is most of our critical infrastructure is owned and operated by the private sector, and the federal government can’t meet this challenge alone,” Biden said. “You have the power, capacity and responsibility, I believe, to raise the bar on cybersecurity. Ultimately we’ve got a lot of work to do.”
Biden raised concerns about the shortage of cybersecurity professionals, as the White House estimates roughly half a million cybersecurity jobs remain open, amid an onslaught of cybersecurity attacks.
Along with key members of his Cabinet and national security officials, Biden seeks to address the “root causes of any kind of malicious cyber activity,” a senior administration official told reporters, amid a devastating wave of high-profile attacks.
Topics on the agenda include ransomware, the shortage of cybersecurity professionals and building software and devices with default security protections. The administration is expected to press firms in critical sectors, such as water and energy, to improve their protections to prevent a repeat of the Colonial Pipeline hack, which in May disrupted fuel supplies in the eastern United States, the official told reporters.
The administration and companies in attendance are also slated to announce commitments later on Wednesday related to these topics.
Apple CEO Tim Cook, IBM CEO Arvind Krishna and Alphabet CEO Sundar Pichai sat to Biden’s right as he addressed the executives, who were seated around a square table in the White House East Room. Amazon CEO Andy Jassy, JPMorgan Chase CEO Jamie Dimon and chief executives from major insurance, energy and water companies are attending, according to a list provided by the White House. Representatives from nonprofit organizations focused on computer science education, including Code.org, and several colleges have been summoned to discuss efforts to bolster the cybersecurity workforce, as about 500,000 U.S. cybersecurity jobs remain vacant. (Amazon founder Jeff Bezos owns The Washington Post.)
Amid a scourge of ransomware attacks and other hacks hitting businesses nationwide, the meeting marks one of the most high-profile displays of the Biden administration’s mounting pressure campaign on companies across economic sectors to do more to shore up their systems against cyberattacks. The gathering, which the White House first announced last month, highlights a growing recognition of the key role companies have to play in defending the United States against major cyberattacks, predominantly by bolstering their own defenses.
“We’ve seen time and again how the technologies we rely on from our cellphones to pipelines to the electric grid can become targets of hackers and criminals,” the president said.
The official signaled that Wednesday’s meeting would be just the beginning of Biden’s outreach to the private sector, saying this won’t be Biden’s “last engagement” on these issues.
Biden has been dogged by cybersecurity crises, taking office just weeks after a far-reaching Russian hacking campaign on federal agencies and prominent companies, including Microsoft, came to light. In the months since his inauguration, the administration has scrambled to respond to blockbuster ransomware attacks that have hit schools, meat processors, local governments and small businesses, in addition to the Colonial Pipeline.
The administration has taken a number of steps to shore up critical industries in response, including creating a voluntary program that outlines how energy, transportation and agriculture companies should protect themselves against digital attacks. And the White House earlier this summer mandated that pipelines adopt specific protections to prevent ransomware attacks. During his opening remarks at Wednesday’s event, Biden said he has discussed recent cyberattacks with Russian President Vladimir Putin earlier this year, saying he “made it clear to him that we expected him to hold them accountable as well.”
“They know where they are and who they are,” Biden said.
That threat of regulation could be a driving force behind companies’ attendance at the summit and willingness to partner with the administration on key initiatives.
“We’ve had a decade or more for industry to do voluntary [cyber] standards and it hasn’t emerged,” Michael Daniel, the president of Cyber Threat Alliance and a former White House cyber coordinator during the Obama administration, said in an interview. “So I think the government saying, ‘Look, we’ve got to get serious about this and either you guys need to do it or we have to look at mandatory approaches,’ is an appropriate place to be.'”
After meeting with the president, industry officials are meeting in breakout sessions. Homeland Security Secretary Alejandro Mayorkas and Energy Secretary Jennifer Granholm are meeting with energy, financial and water companies to discuss the resilience of critical infrastructure. National Cyber Director Chris Inglis leads the meeting with education leaders about the shortage of cybersecurity workers, and Commerce Secretary Gina Raimondo meets with tech and insurance executives about building long-term cybersecurity.
“We need to transition to where technology is built securely by default, we bake in security by design,” the White House official said. “We don’t buy a car and then buy the air bag separately. We need to know we’re buying secure tech.”