US President Joe Biden’s cybersecurity summit with tech industry leaders Wednesday was long overdue and will spur federal IT investment, says an analyst.
Cybersecurity experts said more investment is critical because America can't rely on luck anymore when it comes to protecting critical online and physical infrastructure.
Daniel Ives of Wedbush Securities said cybersecurity vendors like Fortinet, Sailpoint Technologies Holdings, Crowdstrike Holdings and Cyberark Software, among others, stand to benefit as cloud computing security threats increase and Biden boosts federal cybersecurity spending.
“We believe there is a $300bn-plus growth opportunity in cloud security alone up for grabs over the next few years for those vendors that have the solution sets to protect critical cloud deployments from growing threats/attacks,” wrote Ives in a research note.
“In a nutshell, we believe the fundamental drivers and sweet spot of cloud demand continue to give us high conviction in owning the secular winners in the burgeoning cybersecurity sector,” Ives said.
Ives, who has covered cybersecurity since the late 1990s, said he was “befuddled” by the lack of core next-generation security infrastructure around utilities and federal and state assets in light of red-alert cyber threats and ransomware attacks.
“The attacks are increasing at an eyepopping rate, and we ultimately believe (cloud computing) is another broader sector growth catalyst for the cybersecurity industry over the next 12 to 18 months,” he wrote.
Biden hosted today’s summit to discuss ways to improve cybersecurity against future breaches like the hack of software firm SolarWinds and the ransomware attack on Colonial Pipeline, which resulted in the company making a $4.4m bitcoin payment to regain access to its systems.
The Justice Department said in June that the Federal Bureau of Investigation recovered $2.3m of the cryptocurrency paid to Colonial’s hackers, who used malware developed by DarkSide, a Russia-linked hacking group.
US Deputy Attorney General Lisa Monaco has called such ransomware attacks “an epidemic” that poses a national security and economic threat.
Official: Summit is 'a call to action'
A senior Biden administration official said the summit is a “call to action” during a White House press briefing on Tuesday 24 August. According to the official, there are currently 500,000 unfilled cybersecurity jobs in the US.
The official indicated the government will form partnerships with large IT firms on cybersecurity projects in “a set of concrete steps,” but declined to be specific.
The White House will also announce future projects related to cybersecurity education, the official added.
The summit’s participants included tech company CEOs Sundar Pichai of Alphabet and Google, Andy Jassy of Amazon, Tim Cook of Apple, Carlos Rodriguez of ADP, Arvin Krishna of IBM and Satya Nadella of Microsoft. Biden also welcomed CEOs from the financial, energy and water, and insurance sectors, as well as educators.
Cybersecurity experts also welcomed the summit and its possibilities.
Florida Tech cybersecurity associate professor TJ O’Connor hopes the summit will lead to greater co-operation on cybersecurity between industry and government.
“We are at a critical point in developing a shared responsibility between the government and the private sector,” he told Capital.com. “The last few months have brought substantial attention to the four-decade-old problem of cyberwarfare.”
Ransomware attacks on Colonial and Brazilian meat packing company JBS, which said in July it paid Russian hackers REvil $11m, demonstrated the need for greater private-public collaboration, he added.
Expert: US can’t rely on luck
O’Connor said ransomware, along with its criminal and nation-state backers, poses a “significant threat,” but not the only one.
“The SolarWinds attack shed a much brighter light on the efforts of nation-state actors to conduct espionage on the military, private sector, government, and educational institutions,” he said.
Supply-chain compromises resulting from purchases of security technology from undetected bad actors also need to be identified, said O’Connor.
Many areas are due for an infusion of research and development funding, he added, including the industrial Internet of Things market and the American fleet of aircraft, railways and maritime vessels, which was designed “well before” critical security vulnerabilities were understood.
“We lucked out that the DarkSide ransomware group never crossed the (operational-technology) network for the Colonial Pipeline – but we cannot continue to rely on luck,” said O’Connor.
Renita Murimi, a University of Dallas associate professor of cybersecurity, called the summit “a positive step in the right direction” in an interview with Capital.com. She said the participating companies collectively process a large amount of data and “contribute significantly” to “the data-driven economy.”
“The input from these tech giants will help shape effective policy and technology development to mitigate the growing stem of cybersecurity threats,” she added.
R&D funding from tech companies, in addition to money already provided by many government agencies, would help tackle “growing cybersecurity concerns,” she said.
Energy, water companies included
Aaron Brantly, a Virginia Tech political science professor who focusses on cybersecurity, said the inclusion of energy and water companies at a cybersecurity summit highlights their importance in protecting US national security and the American economy.
A failure to invest in security and innovation will lead to insecurity and stagnation, he added.
Brantly called for cybersecurity workforce development programs starting in middle and high schools to help meet future talent needs.
“Increased development and funding for domestic silicon manufacturing will also be critical to protecting US systems in the decades to come,” he told Capital.com.
Brantly also hopes the summit will help overcome “a substantial lack of uniform regulation on security standards” and lead to greater private-sector recognition of cybersecurity’s importance.
“When we move outside of the banking and Silicon Valley firms, the quality of cybersecurity declines precipitously because it is seen as a loss on balance sheets,” he said. “The Biden administration needs to work to change that perception.”