Today, the Cybersecurity and Infrastructure Security Agency (CISA) held its first meeting for newly appointed members of the Agency’s Cybersecurity Advisory Committee. Members discussed Committee objectives and initiatives, received a classified threat briefing, elected Committee leadership, and established subcommittees to focus on key objectives.
CISA Director Jen Easterly chaired the meeting and was pleased to be joined by Deputy Secretary of Homeland Security John Tien and National Cyber Director Chris Inglis who helped kick off a discussion of the group’s core objectives and priorities.
Last week, CISA announced the Committee’s first 23 members. This group includes a diverse slate of distinguished leaders from across industry, academia, and government. Through their unique insight, the Committee members will provide recommendations on the development and refinement of CISA’s cybersecurity programs and policies.
Today, the Committee chose Thomas Fanning as Chair and Ron Green as Vice Chair.
“I was thrilled to have members of CISA’s Cybersecurity Advisory Committee come together today to discuss how to evolve CISA into the world’s premier cyber defense agency,” said CISA Director Jen Easterly. “Under the leadership of Tom and Ron, I am confident that this Committee will meet the moment to help CISA fulfil its mission of ensuring the security and resilience of our digital infrastructure. Each and every distinguished member of the Committee brings a unique perspective to the table, and I look forward to their progress in addressing the key objectives outlined in today’s meeting.”
Director Easterly established five subcommittees that will focus on key objectives and provide tangible deliverables ahead of the next committee meeting.
The Cybersecurity Advisory Committee subcommittees include:
- Transforming the Cyber Workforce SubcommitteeThis subcommittee will focus on building a comprehensive strategy to identify – and develop – the best pipelines for talent, expand all forms of diversity, and develop retention efforts to keep our best people. We will also aim to find creative ways to educate communities “K through Gray” to develop a better-informed digital workforce and to inspire the next generation of cyber talent.
- Turning the Corner on Cyber Hygiene SubcommitteeA core objective of CISA’s cybersecurity strategy is to raise the baseline of security throughout the cyber ecosystem to advance an environment that favors the defender. This subcommittee will help us think through a holistic, scaled approach to ensure that technology is maximally secure out-of-the-box and that all organizations – public or private, large or small – have the information and resources needed to implement necessary security controls.
- Igniting the Hacker Community SubcommitteeThe security of our nation depends in part of our ability to leverage the imagination and talents of the global white-hat hacker and research community. This subcommittee will spearhead the development of a Technical Advisory Council, comprised of hackers, vulnerability researchers, and threat intelligence experts to get direct feedback from front-line practitioners whose work is vital to the security of our nation.
- Protecting Critical Infrastructure from Mis- Dis- and Mal-information SubcommitteeThe core of CISA’s mission is to safeguard American’s critical infrastructure. Unfortunately, the nation has seen the corrosive effects of mis-, dis-, and mal-information (MDM) across a host of critical infrastructure in recent years impacting our election systems, telecommunications infrastructure, and our public health infrastructure. This subcommittee will evaluate and provide recommendations on CISA’s role in this space and ensure that the agency is providing value that fits within its unique capabilities and mission.
- Building Resilience and Reducing Systemic Risk to Critical Infrastructure SubcommitteeAt our core, CISA aims to reduce systemic risk to our nation’s cyber and physical infrastructure. When the government is faced with requests for support from many entities, understanding which ones are the most important to our national security, economic prosperity, and public health and safety will allow CISA to optimize risk reduction in two ways: collaborative operational support to major players on the frontline of cyber warfare, and responsive technical support to those small organizations that the Nation needs, but are not ready for battle. This subcommittee will help us determine how to best drive national risk management and determine the criteria for a scalable, analytic model to guide risk prioritization.
Additionally, Director Easterly asked for the establishment of a CIO/CISO council to ensure CISA gains the insight of information security officers across public and private organizations to understand not only the threats they’re defending against, but also the ways in which they are promoting the investments needed in cybersecurity to their C-Suites and Boards of Directors.