caroline: i'm caroline hyde. let's talk about president biden , one of the key concerns is cybersecurity. the president met this afternoon with leaders from energy, big tech, and wall street. discussing infrastructure, and

our guest comes to us from an area where political leaders are looking to -- for help in fighting cyberattacks. do you think the push is hard enough and fast enough for corporate america to do something? >> the biden administration has certainly turned up the temperature on cybersecurity its first seven months. for years, industry had been clamoring for more attention, more guidelines and regulation. i think they are happy to see that the conversations are taking place at the white house and there's a partnership forming between the government and these private companies. the government will never let us forget that they absolutely need the private sector to support them. what we are seeing is at least the early stages of a broader

push to prioritize a shift in cyber culture. between the federal government and the private sector. romaine: why are we just doing this now? >> that is the question, why hasn't this conversation taken place in years and administrations past? the reality is, the with the solarwinds attack, the attack on microsoft, and the attacks on critical infrastructure at jbs and gas pipelines in the u.s., we have seen a dramatic shift in temperature and understanding of the threat of cyber and cyberattacks on the u.s.. i don't think it had really captured the imagination of the public or the white house in years past. taylor: what about, like the colonial pipeline, perhaps demanding that you spend x percent of revenue on cybersecurity issues to make she

-- to make sure you are up to date? >> for a lot of companies, they have been doing some of this. what it really does is move the needle for some of the smaller companies, especially in the energy sector. it forces them to reassess how they are spending. for years, the calculus for them has been, is the spending on new infrastructure worth it, or is the cost-benefit simply still leaning toward dealing with the cyberattacks when they happen and the cost of doing them? with greater attention on the cost of recovery going up, these guidelines will likely be welcomed as a necessary change. taylor: thanks for keeping us informed on all that cyber media today. the managing director of the cyber in his -- cyber readiness

institute, retired ceo of ibm, you are keenly aware of what the ceos want. this is a step in the right direction, but sitting around and discussing the issue clearly is not enough. give us a perspective of what next we really need to be doing. >> is great to be with you. one of the key pieces to today's conversation, and you will get a response from one ceo, this demonstrated not just the prioritization of the biden cybersecurity, but the whole of government approach. at this meeting you had the secretary of homeland security small business administrator, director of the cybersecurity infrastructure security agency, the new national cyber director.

essentially you brought in all the leaders from government that will be responsible for working with industry to execute on the actions that will come forward and the actions that we have learned about enduring cybersecurity and critical infrastructure protection. romaine: this has been a long time coming and you were instrumental in helping drive some of the rules and legislation that led to the homeland security department. you mentioned our national cybersecurity director, and i'm just curious when you look at all the attacks we've had on critical infrastructure and the concerns and the most recent elections about the potential for hacking there. why has it taken so long to formulate some sort of coherent public-private strategy? >> we have been working on public-private tragedies for a long time. we have overused that term so that it has sort of lost

meaning. talk about inflection points, but this truly is an inflection point for industry and government to work together. what makes this time different is that government is the most prepared it has ever been to work with industry and industry has stepped up in a tremendous way. we saw that with solar wind and the amount of intelligence the industry was able to collect. we recognize that government and industry can't do it by themselves, it has to be a partnership. but the capabilities are the best they've ever been. there is a long way to go, but right now we are at a point to truly have the conversation for not just the discussions about where we need to be, but formulating the actions and the outcomes that we need to achieve. caroline: later in the show we will discuss corporate responsibility with people working from home more. give us your perspective, your

looking at designing for smaller businesses. as we realize how intertwined supply chains are and how one weakness can suddenly expose anyone and everything, how prepared are smaller businesses to ensure they've got the right protections in place? >> small businesses are struggling, there is no question. they are coming off the pandemic where they were struggling just to stay alive and in business. this is a priority for the biden administration, working on the basics. what is encouraging is that you're seeing states like ohio, utah, and connecticut, allowing companies that are doing the basics, applying frameworks for cybersecurity to prevent them from being held responsible and liable for breaches. this is not to excuse them, but to encourage and incentivize behaviors to say you need to be doing the basics in order to

stand and we will stand by you so you don't have issues with liability protection. the other markets with responsibility is the cyber insurance market. i think it would go along way in moving us forward to creating the baseline level of security across businesses of all sizes. caroline: just briefly, we understood that president biden was mentioning at the summit with president putin remarks on cybersecurity. how much is the focus on certain countries right now? how much is there a focus on certain countries and the ways they view cybersecurity? >> we have to think about nationstate adversaries, that is certainly a part of our overall

cybersecurity's tragedy -- strategy. what is critical is that we as the united states cannot fight this battle on the global stage by ourselves, nor should we. we have seen great steps in international cooperation with this administration. just yesterday the vice president signed an agreement with singapore. we are seeing other types of efforts like this to collaborate and not to just be strong when looking at research and development, but also to be strong in looking at resume its and consequences for malicious actors on the global stage. romaine: great stuff, we really appreciate you being here. the conversation is going to continue. we will speak to someone who is in the room at the white house with that summit. utilities a big concern when it comes to cybersecurity.

that is next, right here on bloomberg. ♪

romaine: a comeback. today we are focused on cybersecurity, and that's because the president of the united states is focused on cybersecurity. helping to improve cybersecurity across the nation's infrastructure paved one of the people at that meeting is our next guest. he joins a program right now. thanks for being here. let's start off specifically with what the president and his advisers, what specifically are they asking companies to do? >> it was a very important

conversation between private sector representatives and the government. let me take the government as a whole here, president biden having an important conversation, folks were there like the national cyber director, and in my own sector, secretary granholm was there. homeland security and others. what we were doing in that meeting and follow-up meetings, we are talking about the priorities of how to reimagine national security as the private sector and the government speaking completely differently from the past about how to collaborate. taylor: there were questions about why this is happening now, in some ways it feels late to the game. do you think you are making enough progress and is it fast enough? tom: i've been helping lead our

industry now for about eight years on this issue, not just cyber, also physical security. along the way you learn very quickly that this isn't strategy in a silo. when we think about protecting the economic fabric of the united states, we realize that we are interdependent with folks like telecom, water, and others. so we have to take a whole of private sector working with whole of government, in order to reimagine this important responsibility. in the past, we thought about national security in the realm of say the soviet union on the right and nato on the left. it is clear and has been for some years now that the battle is in our telecom networks, our electricity grid, our financial

sector. therefore, 85 percent of those critical infrastructures are owned by the private sector, so we do have to reimagine our relationship with the intelligence community, sector specific agencies, the folks who hold the bad guys accountable, those conversations have been happening. i'm just glad today that president biden pulled us all together and we were able to vet the very important work that has been going on for some time. i would argue that the president has put -- put a huge emphasis on this effort. caroline: you have special insight because you were a chief information officer. you understand what it's like to be in that moment of battling getting real cyber attack affecting you. and also knowing how to share that information. you say these conversations are happening a new relationship forming, but are companies like

yours willing to share the information with one another and with the government? tom: i think in my industry, i'm the only ceo that was not a cio. it is a tough job. but here's the point. companies like ours, and you mentioned our size and scale, we get attacked millions of times a day. this is an ongoing activity that we have to be ever vigilant about. and it is not fixed. in other words, the attacked sectors today may be very different from tomorrow and a year from now. we have to understand our interdependence. that is really the challenge. when we think about sharing, really don't like that word. that is kind of where we are now.

we have to obviate the notion of sharing. what we need is collaboration with the intelligence community, sector specific agencies, a real-time visualization that requires a completely different way of collaborating with the federal government. and i'm very excited to say that i think we are making progress in that regard. romaine: it certainly requires some re-imagination here. that appears to be taking place. there is a lot of talk about the resources, particularly human resources needed for that. a lot of jobs that need to be filled but that the private and government level as well, with regard to those needs. what do you anticipate will be needed for the companies out there? tom: i'm the only private sector ceo on the commission.

it is a nonpartisan effort. senators, congressmen, really good thought leaders around the united states working together to put forth recommendations as a blueprint for america. as i walk the halls of congress our work with any of the administrations, everyone understands this is an important issue. few people really get the context of how to act in that space. if you want to go to something, go to the cyberspace solarium commission report. one of the recommendations inside that commission's report is these -- the idea of grooming a whole new generation of people that can come to work in the space and be effective, both in government and in the private sector. we've got to create incentives at the lowest level. i'm thinking elementary school up to high school and others, for people to play in this thing. we need to have a mass education

effort. when i think about in my childhood, or don't be a litter bug, there needs to be a national effort to inform the public about appropriate cyber hygiene. caroline: well said. tom fanning, southern company ceo, great to have some time with you about the important meeting happening at the white house. more on how corporate america is planning for the uptick in cyberattacks. we will talk to a ceo of a company that rates companies based on cyber performance. that is next. this is bloomberg. ♪

caroline: today we're focused on cybersecurity. protecting companies as

employees work from home, a recent survey in germany put up price tag on cyberattacks related to home offices. with remote work accounting for a quarter of damages from cyberattacks, let's talk more about the effect in the united states. rate for us in general the u.s. corporate america and how resilient it is as we work from home further and further as we see the delta variant rise. >> it depends on the sector. we can measure different organizations and different industries, finance is most sophisticated. they put a process in place, and we look at education our utilities and they are lagging. so it depends on the controls and sophistication they put in place. with the shift to home, a lot of those controls went away.

a lot of the basic controls and systems that organizations relied on or not in place like the home router and the home wi-fi. is not protected like the controls inside the office. taylor: what? ? are some of the better controls you mentioned home wi-fi, we know you don't get on public wi-fi because it is the weight -- easiest way to get hacked. stephen: we just did a recent study of hundreds of ransomware attacks. organizations -- keeping the system up-to-date. often times you will see systems at home that are out of date operating systems that are no longer supported. ransomware and attackers will exploit those systems that just

aren't kept up-to-date. sometimes the best control is just keeping that system up-to-date. romaine: we talk about work from home and the idea that now you have employees outside the normal realm of the workplace where companies can keep control over what they do and where they send stuff to. there is a lot of talk about a hybrid work environment, permanently or a hybrid learning environment, does the onus now fall on microsoft or hardware makers that make the computers and routers? or there are so many individual companies that ploy these companies. stephen: the responsibility will still ultimately go to the organization. sometimes they may outsource those controls which is that third party risk problem.

what we saw last year was digital acceleration, a massive expansion and adoption of digital services, which has opened up new servers. you still have a responsibility but you outsource control. what we see is a greater dependency on a third-party ecosystem. you will have to take responsibility with better monitoring and better assessments and try to hold them responsible. it can be contractual or contextual. sometimes organizations will outsource a function to a different route and they believe they have ceded control. caroline: great to have time with you, stephen boyer. it feels a slow there is still an awful lot to do.

romaine: and the idea that the government has to be involved in this, companies cannot just do this by themselves. taylor: getting more proactive instead of defensive. caroline: this is bloomberg. ♪

>> from the heart of where innovation, money, and power collide, in silicon valley and byond, this is "bloomberg technology" with emily chang. emily: president biden sits down with the ceo's of apple, amazon, alphabet, microsoft, and more, to talk about improving