The White House’s August 25 cybersecurity meeting between administration officials, tech-sector and other private-company CEOs, and representatives of the education and insurance sectors yielded a long list of big-dollar corporate commitments to improve security, and the pledges of educational institutions to offer programs that aim to help swell the size of the U.S. cybersecurity workforce.
President Biden said the purpose of the meeting was to “raise the bar” on cybersecurity across the government, critical infrastructure, and private sectors. On the Federal government front, the meeting produced a directive to the National Institute of Standards and Technology to map out a new framework “to improve the security and integrity of the technology supply chain,” and to expand a government Industrial Control Systems Cybersecurity Initiative to the natural gas pipeline sector.
Beyond those, however, the meeting produced a variety of high-profile security and educational commitments from the private sector.
The White House announced that Apple will create “a new program to drive continuous security improvements throughout the technology supply chain.” That program, the White House said, will see the company work with its suppliers to “drive the mass adoption of multi-factor authentication, security training, vulnerability remediation, event logging, and incident response.”
It also announced that Google will invest $10 billion over five years “to expand zero-trust programs, help secure the software supply chain, and enhance open-source security.”
In a post on its policy blog, Google said it welcomed the chance to participate in the White House meeting and share its recommendations. “The meeting comes at a timely moment, as widespread cyberattacks continue to exploit vulnerabilities targeting people, organizations, and governments around the world,” the company said.
The White House said that Microsoft will invest $20 billion over five years “to accelerate efforts to integrate cybersecurity by design and deliver advanced security solutions.” Microsoft also will “immediately make available $150 million in technical services to help Federal, state, and local governments with upgrading security protection.”
It remains unclear from the White House’s announcement to what degree, if any, the spending commitments by the three companies represent new investments, or spending that had already been contemplated.
On the cybersecurity education front, tech and education organizations revealed a lengthy list of plans and programs to help boost cybersecurity education programs, with the goal of shrinking the talent gap in the cybersecurity workforce arena. According to the White House, those include:
- Google will “help 100,000 Americans earn industry-recognized digital skills certificates that provide the knowledge that can lead to secure high-paying, high-growth jobs”;
- IBM will “train 150,000 people in cybersecurity skills over the next three years, and will partner with more than 20 Historically Black Colleges & Universities to establish Cybersecurity Leadership Centers to grow a more diverse cyber workforce”;
- Microsoft will “expand partnerships with community colleges and non-profits for cybersecurity training”;
- Amazon will “make available to the public at no charge the security awareness training it offers its employees”;
- Code.org “will teach cybersecurity concepts to over 3 million students across 35,000 classrooms over 3 years, to teach a diverse population of students how to stay safe online, and to build interest in cybersecurity as a potential career”;
- Girls Who Code will “establish a micro credentialing program for historically excluded groups in technology. The program will make scholarships and early career opportunities more accessible to underrepresented groups”;
- University of Texas (UT) System “will expand existing and develop new short-term credentials in cyber-related fields to strengthen America’s cybersecurity workforce. A major part of this effort will be to upskill and reskill over 1 million workers across the nation by making available entry-level cyber educational programs through UT San Antonio’s Cybersecurity Manufacturing Innovation Institute.” The White House said that “credentials do not depend on traditional degree pathways, and should also contribute significantly to diversifying the pipeline”; and
- Whatcom Community College, which has been designated as the new NSF Advanced Technological Education National Cybersecurity Center, “will provide cybersecurity education and training to faculty and support program development for colleges to ‘fast-track’ students from college to career.”
Finally, the White House said that cyber insurance providers will “require policy holders to meet a threshold of cybersecurity best practice as a condition of receiving coverage.”
And, cyber insurance provider Coalition will “make its cybersecurity risk assessment & continuous monitoring platform available for free to any organization.”