President Joe Biden will huddle Wednesday with industry leaders to issue a “call to action” on cybersecurity and make “concrete announcements” to counter the fundamental causes of cyberattacks, according to a senior administration official.
It’s a star-studded afternoon gathering scheduled to include the likes of Apple CEO Tim Cook and JPMorgan Chase CEO Jamie Dimon from the financial, technology, energy, insurance and education sectors, then feature discussions led by top administration officials. The White House has been working to secure commitments from industry in advance of the meeting, mostly in the areas of “technology and talent,” the official said in a background call with reporters on Tuesday.
Two points of emphasis, the official said, are building technology that is secure from the outset, and better defending critical infrastructure after the ransomware attack on Colonial Pipeline led to a fuel scare.
“We need to bake in security by design into tech,” the official said. “We’ve been talking to critical infrastructure for quite some time around, ‘Look folks, don’t be the next Colonial … Put in place the visibility you need, particularly on your operational technology networks.’ So we’ve been very focused in discussions on those initiatives, and the announcements will relate to those.”
More specific areas of focus for industry commitments could include multifactor authentication, workforce training, supply chain security and adopting a “zero trust” model where organizations presume they can’t trust anyone or anything inside the networks, a source familiar with the event told CyberScoop.
Many of those areas featured prominently in an executive order Biden signed in May, which emphasized federal network cybersecurity.
The gathering has been on the calendar for a month, but stands out for arriving even as the White House national security team is consumed by the withdrawal from Afghanistan. While ransomware has weighed heavily on the administration’s cybersecurity agenda, the administration official said the point of Wednesday’s meeting is to go deeper.
“We really wanted to take a focus on the enduring and really the root causes of any kind of malicious cyber activity,” the official said.
The message is that it takes both public and private sector action to conquer cybersecurity, the official said. “The administration has really taken a whole set of … approaches along the spectrum of asking to mandating” steps from businesses, according to the official. That has included a greater willingness to push regulations.
But not all of the meeting’s agenda is set in stone.
“Gathering this kind of group together to discuss the issues will also be an opportunity for new ideas and new discussions,” said the official.
Top executives from the financial industry scheduled to attend include the CEOs of Bank of America, JPMorgan, TIAA and U.S. Bancorp; from energy and water, top execs of American Water, ConocoPhillips, Duke Energy, PG&E, SJW Group, Southern Company and Williams; from tech, chief executives of ADP, Google parent company Alphabet, Amazon, Apple, IBM and Microsoft; and from insurance, executives from Coalition, Resilience, Travelers and Vantage Group Holdings.
For the education sector, the official said, the administration was cognizant of not contacting only leaders of four-year universities in a bid to fill hundreds of thousands of cybersecurity job vacancies in the U.S. “What makes me so excited about cyber education is the opportunity it offers to Americans of all backgrounds,” the official said.
Education participants scheduled to attend include leaders of Code.org, Girls Who Code, Tougaloo College, the University of Texas System and Whatcom Community College.
Biden is expected to spend an hour with the private sector and education leaders, according to two sources who have been briefed on the agenda.
Scheduled to attend or lead group-by-group discussions from the Biden administration are Commerce Secretary Gina Raimondo, Energy Secretary Jennifer Granholm, Homeland Security Secretary Alejandro Majorkas, Small Business Administration chief Isabel Guzman, National Security Adviser Jake Sullivan, Director of the National Economic Council Brian Deese, Senior Adviser and Director of the Office of Public Engagement Cedric Richmond, Deputy National Security Adviser for Cyber and Emerging Technology Anne Neuberger, National Cyber Director Chris Inglis and Cybersecurity and Infrastructure Security Agency Director Director Jen Easterly.
Sean Lyngaas contributed to this story.