White House summons US chief executives for cyber security summit

Cyber Security updates

Sign up to myFT Daily Digest to be the first to know about Cyber Security news.

Joe Biden will meet more than 20 chief executives from the technology, energy, banking, insurance and education sectors at the White House on Wednesday to discuss broad deficiencies in US cyber security.

The president, along with his commerce, energy and homeland security secretaries, will host the business leaders in the wake of several high-profile attacks on infrastructure, including on the Colonial Pipeline in May, as well as a proliferation of ransomware attacks affecting businesses and public services.

Apple’s Tim Cook, Alphabet’s Sundar Pichai, Microsoft’s Satya Nadella and Amazon’s Andy Jassy are among the executives due to attend.

The president will hail the meeting, announced in July, as a “call to action” on the root causes of malicious online activity, a senior administration official said. There will also be an emphasis on solving a cyber security skills shortage. The US has about 500,000 unfilled vacancies in the sector.

Jamie Dimon of JPMorgan Chase and Brian Moynihan of Bank of America are among the executives attending from the banking sector. Other companies involved include payroll software provider ADP and energy companies ConocoPhillips and PG&E.

Several insurance providers, including Resilience and Travelers, will take part, as will a number of educational groups, such as the non-profit Code.org.

A breakout session involving the tech groups and insurers will consider how policies can encourage better “cyber hygiene” in the private sector, the official added. Biden’s top cyber security officials, including Chris Inglis, the national cyber director, will facilitate the discussion.

Following the afternoon meeting, the companies will announce a number of “concrete steps” and commitments to help fight cyber crime, the official said.

The meeting will take place as Congress deliberates measures to address the raft of cyber attacks that have hit the public and private sectors over the past year, the most severe of which were said to have been perpetrated by actors based in Russia and China.

In December, an attack on the Austin, Texas-based IT company SolarWinds, involved malignant code being inserted into software used by at least nine federal agencies and about 100 companies, officials have said. Attackers were said to have exploited the vulnerability for at least nine months.

In response, the bipartisan Cyber Incident Notification Act, introduced last month, seeks to enforce stricter rules on cyber attack disclosures for companies that work with the federal government or provide critical infrastructure.

In July, Biden signed a national security memorandum outlining cyber security performance goals for critical infrastructure, such as essential services for power, water and transportation.

It followed an executive order mandating minimum security standards for software sold to the government and an instruction to invest in the government’s capabilities when it came to detecting attacks on its networks.