The White House hosted a Cybersecurity Summit this week with leaders from approximately 40 companies with a footprint within the cybersecurity world. The President was unambiguous in calling on industry to step up its cybersecurity investments: “You have the power, capacity and responsibility, I believe to raise the bar.” The summit follows on the heels of the July 28 issuance of a National Security Memorandum addressing necessary improvements to cybersecurity for critical infrastructure.
The President, according to the Washington Post, told the assembled, “We’ve seen time and again how the technologies we rely on from our cellphones to pipelines to the electric grid can become targets of hackers and criminals.”
One of the key takeaways is the directive to the National Institute of Standards and Technology (NIST) to “collaborate with industry and other partners to develop a new framework to improve the security and integrity of the technology supply chain.” Furthermore, the administration has doubled down on the “Industrial Control System Cybersecurity Initiative,” expanding the initiative from just the electric power sector to natural gas pipelines.
Cyber insurance leverage to better standards
Joshua Motta, CEO of Coalition, noted the role that insurers can play in “incentivizing companies to improve particular standards.” Resilience, an insurance provider, announced it will now require policyholders to adopt certain cybersecurity best practices as a condition of receiving cyber insurance. Meanwhile, as if on cue, Coalition, also a cyber insurance company, advised that its proprietary cybersecurity risk assessment and continuous monitoring platform will now be available, for free, to any organization.
Cybersecurity Training and jobs
One area where the U.S. currently faces a dearth of personnel is cybersecurity, where thousands of open jobs are waiting for qualified applicants. To this end, a number of companies used the cybersecurity summit as a launching pad to highlight how they are going beyond talk and putting their money and resources where their mouth is, as detailed by the White House:
- Apple – Will work with “suppliers — including more than 9,000 in the United States— to drive the mass adoption of multi-factor authentication, security training, vulnerability remediation, event logging, and incident response.”
- Google – Will invest $10 billion over the next five years to expand zero-trust programs and secure software supply chains.
- IBM – Pledges to train 150,000 people in cybersecurity skills over the next three years.
- Microsoft – Will invest $20 billion “over the next five years to accelerate efforts to integrate cybersecurity by design and deliver advanced security solutions.” It is also making $150 million available immediately to help with cybersecurity in the public sector, as well as to enhance cybersecurity training with non-profits and community colleges.
- Amazon – Will make the internal cybersecurity awareness training it provides to its employees available to the public at no charge. In addition, it will “make available to AWS account holders a multifactor authentication device” at no charge.
- Code.org – “Teach cybersecurity concepts to over 3 million students across 35,000 classrooms over 3 years”
- Girls Who Code – “The program will make scholarships and early career opportunities more accessible to underrepresented groups.”
- University of Texas System – “upskill and reskill over 1 million workers across the nation by making available entry-level cyber educational programs through UT San Antonio’s Cybersecurity Manufacturing Innovation”
- Whatcom Community College – NSF Advanced Technological Education National Cyber Security Center – Will provide free cyber education and training to faculty and support program development for colleges to “fast-track” students from college to career.
What the cybersecurity industry is saying about the cybersecurity summit
ClearanceJobs reached out to industry to get their reactions and was provided a plethora of diverse points of view, not all positive.
- “Individual organizations have unsuccessfully fought head-to-head against cyber attackers, which has made it evident that success hinges on building a collective defense. This week’s White House Cybersecurity Summit has made it clear that information sharing between trusted groups is critical, enabling members to alert one another in the event of an attack. The proposed initiatives offer positive forward momentum, but to triumph, both private and public sectors need to commit to sharing intelligence and alerting each other at the ground level.” – Anuj Goel, CEO and co-founder of Cyware and former head of Citi’s cyber fusion center
- “While cloud storage has evolved to where businesses can store seemingly infinite amounts of data in the cloud, it’s harder than ever to protect and backups alone clearly don’t suffice. Immutability enables users to designate certain files as objects that cannot be tampered with by anyone, even a systems administrator.” – David Friend, CEO of Wasabi
- “It’s crucial that commercial organizations have access to sophisticated tooling to help them automate security checks, scan for vulnerabilities, identify and remediate issues that violate best practices, and stay certified with updated regulations.” – Tim McKinnon, CEO at CloudCheckr
- “It’s a positive sign to see cyber security being given the highest level of attention at the national level. We’ve always said cybersecurity is a team sport and a strong partnership between the public and private sectors is essential to securing critical infrastructure and raising our collective cybersecurity posture as a nation.” – Brian Murphy, CEO of ReliaQuest
- “Sweeping initiatives such as this act as a lightning rod – advancing security by bringing to bear the assets of both private and federal organizations. The clear commitment to skills training is positive. As we’ve seen cybersecurity risk expand organization-wide in the past year, knowledge, skills and judgment must continue to track this. Expanding beyond technical teams to include everyone from the Executive function to departmental heads is the only way to effectively mitigate this growing risk.” – James Hadley, CEO of Immersive Labs
- “It’s a promising sign that insurance was brought to the forefront of the latest White House discussions with private sector leaders about how we can improve our nation’s cybersecurity. Despite the recent negativity surrounding cyber insurance, it’s important to take steps in the right direction, first by dispelling falsehoods and instead recognizing that insurance can have a positive effect on organizations to shore up their cyber defenses. Insurance carriers are an essential component in driving the adoption of security controls and technologies across every industry. By incentivizing organizations, insurance carriers can not only create the new standards of security but also help enforce consistency – something that is difficult to do in an ad hoc manner. Insurance carriers become an ally and force multiplier for organizations of every size by delivering access to more affordable security solutions that don’t compromise on quality. Organizations that partner closely with their cyber insurance carrier will, by and large, be better equipped to protect themselves against the emerging cyber threat landscape.” – Jason Rebholz, CISO, Corvus Insurance
- “The meeting along with the creation of the JCDC is a historic step in civilizing American cyberspace. The Administration challenged the technology giants to invest in cybersecurity to protect our economic and national security from the cybercrime cartels.” – Tom Kellermann, Head of Security Strategy at VMware and Member of the Secret Service’s Cyber Investigations Advisory Board
- “The initiatives announced amplify mainly existing efforts, making the output of the meeting itself a bit of a non-event. What’s important though is the message that the visual sends; cybersecurity is THE most important issue in technology right now. We need more collaboration and investment from everyone working with or building technology.” – Mark Nunnikhoven, Distinguished Cloud Strategist at Lacework
- “The Biden Administration’s focus on cybersecurity risk is laudable. With many employees working from home due to covid and many others planning to change jobs this summer, a critical area of risk that needs to be addressed is the risk caused by insiders who exfiltrate company data. Our research shows that two-thirds of all breaches involve an insider; yet only 10% of security budgets are devoted to addressing Insider Risk. Sixty percent of employees admit that they took data – customer lists, source code, strategic plans – from their last company to help them in their current company. This really highlights the magnitude of the Insider Risk problem.” – Joe Payne, president and CEO, Code42
- “We are pleased to see the Biden Administration’s continuing emphasis on the importance of investing in improved cyber security practices for public and private sector organizations. This commitment is crucial in addressing the increased volume of threats and the ever evolving threat landscape. It’s become clear that our defenses must also evolve from traditional models to the adoption of a Zero Trust architectural approach that focuses on strong user and identity security as the first line of defense. We are also pleased to see an emphasis on strong collaboration between the public and private sectors to share information and best practices as we all face the same threats and adversaries. Initiatives such as the National Cybersecurity Center Of Excellence’s (NCCOE) work around Zero Trust, of which Okta is a proud contributor, will move us all closer to our vision of a safer digital world.” – Sean Frazier, Federal CSO, Okta
- “It’s great that Cybersecurity has now become one of the priority focuses of a Presidential Administration. One of the outcomes was an additional NIST-led framework to be created, but I wonder if there are opportunities to make the existing frameworks we have even better and update them to scale in applicability to modern threats and modern supply chains. It appears there were many influential organizations and prominent change agents attending the meeting, but I would’ve suggested a contingent of Security Leaders (CISOs) that could provide more insight into the cyber fight and an imperative contribution to the path forward.” – Lamont Orange, CISO, Netskope
Industry leaders see their role in enhancing the cybersecurity of the United States, and clearly left the summit with the understanding that more steps will follow, creating a more robust environment where public-private partnerships will flourish.