CISA’s Cybersecurity Advisory Committee meets, as building nation’s cybersecurity posture continues


The U.S. Cybersecurity and Infrastructure Security Agency (CISA) held its second-quarter Cybersecurity Advisory Committee (CSAC) meeting last week. The agency also announced the addition of Andrew Scott, who will serve as associate director for China operations, and David Carroll as CISA’s associate director for mission engineering to the agency’s team that works on protecting federal civilian government, SLTT (state, local, tribal, and territorial) partners, and critical infrastructure. 

During the discussion, the chairs of each subcommittee gave progress reports on their work. Subcommittees include Transforming the Cyber Workforce, Turning the Corner on Cyber Hygiene, Technical Advisory Council, Building Resilience and Reducing Systemic Risk to Critical Infrastructure, National Cybersecurity Alert System, and Corporate Cyber Responsibility.

“From the launch of the CSAC, I have been and remain tremendously impressed by the thoughtfulness and insight of the committee and I remain grateful for their time and counsel,” Jen Easterly, CISA director, said in a media statement. “The new members sworn in at the March meeting have hit the ground running and, along with the other members, are diligently working to advance CISA’s cybersecurity mission. Their commitment to CISA’s mission and our nation’s cybersecurity is remarkable.”

Established in 2021, the advisory committee was created to provide recommendations to the CISA director to help advance the cybersecurity mission of the lead cybersecurity agency as well as to strengthen the cybersecurity of the nation. The committee provides independent, strategic, and actionable consensus recommendations to the CISA director on a range of cybersecurity issues, topics, and challenges, including but not limited to, information exchange; critical infrastructure; risk management; and public and private partnerships. 

The CISA director may appoint up to 35 members to the advisory committee. Easterly has appointed 34 members to the Committee and will appoint future members to represent additional perspectives and expertise. Members can be reappointed for an unlimited number of terms, while the committee chair and vice chair each serve for a term of two years.

CISA has tasked the Committee with six topics on which members will provide recommendations to guide CISA’s cybersecurity efforts. In 2023, the Committee will study the development of a secure-by-design and secure-by-default technology ecosystem, guidance for cyber-responsible C-Suite boards, the feasibility of a national alert system for cyber risk, opportunities for measurable and repeatable risk reduction strategies, migration toward memory-safe code, and broadening competencies within the cyber workforce.

Dr. Kate Starbird, Technical Advisory Council (TAC) subcommittee member, reported that the subcommittee received multiple briefings related to its taskings on high-risk community protection and memory safety. The TAC has started building out its draft recommendations in response to its tasking.

Tom Fanning, Committee chairman and chair of the Building Resilience and Reducing Systemic Risk to Critical Infrastructure Subcommittee, shared the subcommittee’s work to further understand operational collaboration within the 16 critical infrastructure sectors. The subcommittee is holding listening sessions to better understand collaboration within various sectors.

National Cybersecurity Alert System subcommittee chair Chris Inglis provided an update that the subcommittee is looking into existing exemplars and merits of successful systems to evaluate what government, industry, states, and local offices need from an alert system. They plan to hear from various experts on public health alerts, national weather system alerts, and strategic communications.   

Corporate Cyber Responsibility subcommittee chair Dave DeWalt shared that the subcommittee is drafting its recommendations to focus on three key themes – education, responsibility, and measurement. The subcommittee has met with a variety of experts, including individuals from the National Association of Corporate Directors, and will next hear from auditors and chief information security officers. 

The next CISA CSAC meeting will be held virtually in September; details and information on how to attend will be forthcoming. Subcommittees will provide recommendations to CISA during the CSAC’s September quarterly meeting.

CISA said in its Year in Review report that “in FY22, the CSAC held four quarterly meetings and 94 subcommittee meetings and provided CISA’s Director with 53 recommendations that will keep us well-positioned to address threats in a rapidly changing cybersecurity landscape.”

Eric Goldstein, executive assistant director for cybersecurity, outlined in a blog post that Scott’s “experience is a perfect fit for a newly established role that will guide our Cybersecurity Division’s efforts to ensure that we are positioned to protect the American people most effectively against PRC cyber threats.”

He added that Carroll is joining CISA “to lead our recently re-named Mission Engineering organization in developing and executing foundational analytics and infrastructure powering the cyber operators across our cybersecurity mission, which we call the Cyber Analytics Data System.”

Carroll’s appointment comes amidst the call by U.S. cybersecurity agencies urging software manufacturers to take the urgent steps necessary to ship products that are ‘secure-by-design’ and ‘secure-by-default.’ The move shifts the balance of cybersecurity risk by using principles and approaches for security-by-design and secure-by-default.

“Our nation faces extraordinary risks. We need extraordinary teams with extraordinary leaders,” Goldstein added. “We’re privileged to benefit from Andrew and David’s expertise as we collectively safeguard our country against cyber threats. And we’re not stopping now.”
