with Aaron Schaffer

President Biden meets with top executives from the tech, finance, gas, water and insurance industries today.

The administration is describing the gathering as a “call to action” to improve the nation’s cybersecurity. 

The gathering has been in the works for about a month and will include Apple CEO Tim Cook, Amazon CEO Andy Jassy, JPMorgan Chase CEO Jamie Dimon and CEOs from major insurance, energy and water companies, according to a list provided by the White House. Representatives from nonprofit organizations focused on computer science education will also be there, as Cat Zakrzewski and I report

Here are some the key goals for the meeting, according to a senior administration official:
  • Getting commitments from tech companies to bake more cybersecurity into tech products so consumers don’t have to install an endless string of updates to keep from being hacked.
  • Persuading firms in critical sectors such as energy, transportation and manufacturing to upgrade cyber protections so they aren’t hit with economy-shaking ransomware attacks.
  • Encouraging a surge in cyber education and training to help fill roughly 500,000 vacant cybersecurity jobs across the nation.

The government and companies are slated to make announcements related to those priorities, said the official, who was not authorized to speak publicly in advance of the meeting. 

“The president recognizes that the escalating cyber threats we face require a whole-of-nation effort,” the official said. “This meeting will highlight the scope of the challenge we face, but also the opportunity.”

There’s also a threat lurking in the background. 

The White House has already mandated new cyber protections for the pipeline industry after the Colonial Pipeline attack, which sparked panic buying in the Southeast. Officials have openly speculated about imposing such mandates across critical infrastructure sectors if security doesn’t improve and if Congress grants them broader authority.

This may be one of the last chances for industry to make big voluntary cybersecurity changes before regulations force such action.

“We’ve had a decade or more for industry to do voluntary [cyber] standards and it hasn’t emerged,” Michael Daniel, White House cyber coordinator during the Obama administration, told me. “So I think the government saying, ‘Look, we’ve got to get serious about this, and either you guys need to do it or we have to look at mandatory approaches,’ is an appropriate place to be."

Private companies control most of the Internet – and are the most common victims of cyberattacks. 

But, in many cases, their cyber protections haven’t kept pace with the threats. 

Previous government efforts to persuade companies to take cybersecurity more seriously have floundered. But that may change following a string of blockbuster attacks including Colonial Pipeline and a ransomware attack targeting the meat processor JBS that threatened to slow global meat production. A Fourth of July weekend ransomware attack against the software company Kaseya affected hundreds of U.S. businesses.

“The profile of cyber incidents is now just much higher,” said Daniel, now president of the Cyber Threat Alliance industry group.

The federal government can’t solve this complex, growing international challenge alone, and we can’t do it overnight,” the senior administration official said. “The public and private sectors must meet this moment together, and the American people are counting on us.”

The industry officials are slated to meet first with the president. Then they’ll do breakout sessions. 

Homeland Security Secretary Alejandro Mayorkas and Energy Secretary Jennifer M. Granholm will meet with energy, financial and water companies to discuss the resilience of critical infrastructure. Commerce Secretary Gina M. Raimondo and National Cyber Director Chris Inglis will lead the meeting with education leaders about the shortage of cybersecurity workers.

The keys

Bahrain used NSO Group spyware to hack activists.

Bahrain’s government probably targeted at least four Bahraini activists, Thomas Brewster of Forbes reports. Numbers associated with five of the activists’ phones appeared on a list of 50,000 phone numbers that included targets of NSO’s Pegasus spyware.

At least one of the targets was hacked while in London, where researchers haven’t seen Bahrain’s government use Pegasus before. Another government could have targeted that activist, the researchers said. The allegations come after a broad investigation by The Washington Post and other media organizations found that NSO's government clients routinely used Pegasus to target activists, journalists and political opponents. Read The Post’s full reporting on NSO Group’s spyware here.

NSO Group called the allegations “unfounded.” The “claims are based on unfounded allegations and misguided conclusions,” Bahrain’s government said. 

Opposition hackers breached dozens of Belarusian government databases.

In recent weeks, the group calling itself the Belarusian Cyber Partisans has released sensitive data about President Alexander Lukashenko’s inner circle and documents that raise questions about the number of people dead from the coronavirus in the country. Other leaked documents focus on Belarusian surveillance efforts, Bloomberg’s Ryan Gallagher reports. The hackers say they’re next planning to shut down government computers.

State security agency chief Ivan Tertel in July blamed the cyberattacks on “foreign special services.” The country’s interior ministry did not respond to Bloomberg’s requests for comment.

Cyber Ninjas may not have to release records about a partisan audit in Maricopa County, Ariz.

Arizona Supreme Court Justice Kathryn King postponed a lower court ruling ordering the firm to release records of their review into the county's 2020 election results. During the postponement, the court will consider whether the company is subject to the state’s public records law, according to the Associated Press

Arizona Senate Republicans say the firm should get legislative immunity from producing the records. The Senate hired the firm but is only paying a portion of the audit's cost. The state appeals court last week disagreed. The state high court has scheduled a hearing for mid-September. 

The partisan audit has been plagued by turmoil and blunders. A report scheduled to be delivered to lawmakers this week was delayed after three members of the five-person team leading the review tested positive for the coronavirus. 

Government scan

Securing the ballot

Cyber insecurity

Industry report

Global cyberspace

Secure log off