President Joe Biden brought together top executives from the nation’s biggest technology, financial services and energy companies this week to address the growing challenge of cybersecurity, speaking to tech leaders including Amazon CEO Andy Jassy, Microsoft CEO Satya Nadella and Apple CEO Tim Cook.
“The federal government can’t meet this challenge alone,” Biden said in his public remarks to open the meeting. “I’ve invited you all here today because you have the power and the capacity and the responsibility, I believe, to raise the bar on cybersecurity. And so, ultimately, we’ve got a lot of work to do.”
So what happened next? And did any real solutions emerge? Our guest on this episode of the GeekWire Podcast was in the closed-door meeting. Seattle-area investor and entrepreneur Hadi Partovi, CEO of computer science education nonprofit Code.org, shares details and key takeaways on this week’s show.
Embed from Getty Images
[Hadi Partovi, lower right in the photo above, with President Joe Biden and other tech and business leaders at the White House cybersecurity summit this week.]
In the third segment, Partovi reflects on his own childhood in Iran, as a 6-year-old during the 1979 revolution, later immigrating to the U.S. with his family, and finding success as a computer scientist and entrepreneur along with his twin brother, Ali, who joined him in founding Code.org. Hadi Partovi now finds himself asking if the children in Afghanistan today will find the same opportunities as they did.
Read his full thread on that topic and see our earlier coverage.
Listen to the full episode above, subscribe to GeekWire in any podcast app, and continue reading for edited highlights from Partovi’s comments.
What it was like inside the event: It was a very unique event. It’s not my first time being at the White House, but it was my first time with this administration. And it was, for sure, the first time with the collective set of people who were there.
President Biden hosted a summit for cybersecurity, inviting the CEOs of the largest technology companies, and CEOs across financial services, energy, insurance, as well as leaders from education, to bring attention to the national importance of cybersecurity as something that is hurting all of us, and to basically increase collaboration amongst these groups to help us all recognize that this isn’t one company’s problem; it’s not one government’s problem; it’s a collective problem that’s only going to get solved via collaboration together.
It was my first time being in a summit together with all the CEOs from tech. There’s multiple of them that I’ve worked with on a one-on-one basis, or had collaborations with their companies. But seeing them all in one place was certainly unique.
And going from the White House to the Rose Garden to the East Room with the President, it’s a very special, unique thing. The power of the president to call a meeting like that, and people just show up and change their schedules around, is incredible.
What was discussed behind closed doors: [President Biden] made comments on the record before the press. But then he wanted to ask questions of the different organizations that were there, the leaders, to get their thoughts on different things. For example, he asked Satya Nadella about the role that technology companies can play and what they are looking for, either from each other or from the government, to help.
Satya aptly mentioned the importance of cybersecurity standards. He made an analogy to seatbelts and other standards in the car industry that have increased the safety of cars. And pointing out that in cybersecurity, the expectations of software or systems or the cloud or so on, are not nearly as clear. And the importance of standards, which is something that is going to be worked on with NIST [National Institute of Standards and Technology] to establish.
President Biden asked somebody from the insurance industry, what role can insurers play? Then a conversation ensued in terms of, when breaches happen, the interplay between an insurance company, the insured, the person who suffers a breach, and law enforcement, and what are the ways that the insurance company, or the person whose organization is breached, can aid law enforcement while ensuring anonymity, business continuity and things like that.
Because sometimes these security breaches go without publicity. Somebody whose systems have been breached might not want publicity. for all the right reasons, but they do want law enforcement support to help catch the bad guys. And the insurance company is often caught in the middle, as well.
Then there was a conversation similarly between the president and [JPMorgan Chase CEO] Jamie Dimon, in terms of how financial services, both in terms of protecting their own clouds, but also the role they play in ransom attacks, and the hunting down of ransoms, was a conversation that happened.
And then lastly, he asked me about the role of education with respect to the workforce in cybersecurity. I actually published my comments on that because I am not sure if anybody else prepared, but I was ready. I was furiously writing notes on my iPhone to be ready, if he’s going to call me, what am I going to say.
Some of those other folks are very well-spoken. I’m not sure, for example, if Satya had prepared comments, or if naturally things flow off his tongue in a poetic fashion. But for me, preparation is really important. So I wrote down what I wanted to say if I got asked to talk.
How he felt after the meeting about the country’s ability to face the cybersecurity challenge: I felt more positive. But I should be clear, I feel that’s because I started not very positive. The reason I say that is, our country is in a cyberwar. I don’t think people recognize that. We recognize that we’re in a war in Afghanistan that we’re pulling out of. We don’t recognize that every single day, every single computer in our country is getting attacked. And there’s many of these attacks that we fend off. But the ones that aren’t getting fended off, they’re not small attacks, they’re major.
With the Colonial Pipeline, if that hadn’t gotten back running when it did, we were days away from catastrophic problems in the country. Things that impact utilities, energy sources, water sources, we rely on water to live, and if somebody can cut those things off, that’s not a small deal. It’s a big, big deal. And there’s much more fragility in the digital infrastructure of our country than people recognize. When you start from that baseline, the fact that these folks have all come together, and just the general sense of we were going to do something about it, I walked away optimistic that that there’s attention on it, companies made commitments.
There was a real commitment to collaboration, which is key, because the tech companies compete, obviously, but they have to collaborate in this space. Everybody in the country needs to really, honestly collaborate in this space, because we’re fighting an invisible set of enemies. And they take advantage of weaknesses between the gaps. And the only way to address that is to collaborate.
Why cybersecurity is an education problem: When the President called on me, he first asked about the cybersecurity workforce. That’s the start of the role of education in cybersecurity. Just as we have an Army or Navy, we need a cyber defense workforce. Whether you call it a cyber army or not, the work of cybersecurity requires people, and we are way understaffed. Either at the government level or at the corporate level, there’s not enough people doing this.
But that’s actually the smaller problem. The bigger issue is that the weakest link in our nation’s defenses is people. And 80% of all cyberattacks that you hear about didn’t happen because the technology didn’t work. It’s because one person made a simple, avoidable mistake: they clicked on a link that said, “enter your password.” And then suddenly, the attackers got on their computer. And then from their computer, they got onto another computer. And then, lo and behold, an entire system got taken down.
The world of remote work is increasing the digital connections between all of our computers, and actually makes things less safe. And so the reason cyber security in this country is an education problem is we need to educate every American on the basics of how to stay safe online.
The number one way things get breached, or hacked, isn’t because the technology didn’t work. It’s because somebody used the same password across all their sites and apps, where somebody didn’t have their computer locked with a password, or they didn’t install the software updates, or they didn’t use two-factor authentication on their email. This simple set of things that if everybody did them, 80% of all the problems in cybersecurity would have been avoided.
Ugh … I’m en route to the White House to meet with @POTUS and the top CEOs in the world, and I forgot to pack a tie for the trip. ????????♂️. (Sporting the @codeorg pin though) pic.twitter.com/y8FnuISJgU
— Hadi Partovi (@hadip) August 25, 2021
How to get people to pay attention to cybersecurity basics: Every one of the organizations that was present came out with their own commitments on things that they’re doing. For example, at Code.org, we committed to educating 3 million K-12 students on precisely these things. The one-third of US classrooms that learn on Code.org are now going to get introduced to these things through their school system. But 3 million people, while it’s a large number, is 1% of Americans.
The big idea that emerged from my subgroup — I don’t know whether I can say that it’s going to happen, but it’s certainly something I’d like to see happen, and this is probably the first time I’m talking about it externally — is, could we get all of the people who were in that room, and more — educators, companies, governments — to collectively have a national call to action, and pick one day or one week to have everybody — mothers fathers, children, employees, employers, students — collectively go through this.
To stay safe online, you don’t need to spend a month of learning. It’s a few hours of learning the things you need to do and then actually doing them. Most of us know we need to set up two-factor authentication. But we’re like, ‘Oh, I’ll do that tomorrow. Or, you know, we should get a password manager and different strong passwords.” But it’s like, “Oh, I’m kind of lazy. I don’t want to do that. I’ll just use the same password on this site. What’s the worst thing that can happen?”
Most people make that decision on an individual basis. But if we had a national call to action that we are all fixing this, and everybody did it on the same day, I think it would change things.
My experience for coming up with that concept is what happened with us with the Hour of Code at Code.org. The Hour of Code started as a one-person idea: let’s get 10 million students to learn one hour of coding. It may have been my idea, but what made it powerful was we got 400 partners, reaching out to 100,000 teachers to then do this in their classrooms, and really creating a movement around it. And now for years, over and over, over a billion times the Hour of Code has been done.
What I was thinking is, can we create something of that nature, where it’s not about one organization or one government, but that is really a collective coming together with lots of people saying, we should do this. And can we create space for every major employer to tell all of their employees, take today off and do this stuff, or creating time for people saying, this is the time we are all going to spend on changing our passwords and turning on two-factor authentication and installing the updates.
I don’t know if the one-day solution would do it, but that was my best idea, and it only works if lots of people collectively say, we’re going to do this.
Reflecting on his childhood in Iran and life in America: When I was living in Iran, I wanted nothing more than to come to America. That is true of most Iranians. I’m sure it’s true of most Afghanis.
America has always been, and I think and hope will always be, a beacon for much of the rest of the world, as a place of opportunity, as a place of hope, as a place people want to come to, not necessarily because of what America is, but because of what America stands for. And we have always stood for freedom and justice and opportunity. We don’t always do the perfect job at that. There’s lots of people who are American, living in America, who feel like we don’t have adequate freedom, or we don’t have adequate opportunity. But at least it is something we stand for. And that’s something we stand for globally.
I lived a block away from Pahlavi avenue in Tehran, one of the largest streets where the crowds of the revolution began. My parents told us to stay indoors. There was a lot of shouting and loud noise. I was too young to realize my life was about to turn upside down. pic.twitter.com/B3uENMxzv3
— Hadi Partovi (@hadip) August 22, 2021
When I was going through that in Iran, to me, it was super obvious even though I was seven or eight years old, that this is just brainwashing, and knew what brainwashing meant. I knew that I wanted to go to America. And as I would walk across the American flag, I wasn’t thinking any hateful thoughts towards America.
I also was too young to know that the bombings that were happening were funded by America. That wasn’t something I learned until later. I didn’t know that Iran’s democracy had been subjugated by the CIA who put a puppet monarch in place because they want to keep their access to oil.
Shouting “Death to America” at the top of your lungs, when you secretly wish you’d be in America but are scared that nobody should find that out, is this a complicated place to be, but there was never a point that I felt critical of America. I just wanted to leave this scary country and be there.
And I’m so lucky that, having come to America, I am an embodiment of the American dream. I’m an embodiment of why people want to come to America. It’s because you can arrive to a country with nothing, and with hard work and education get somewhere, and not every country provides that kind of opportunity to people.
Audio edited and produced by Curt Milton; Theme music by Daniel L.K. Caldwell.