The Cybersecurity and Infrastructure Security Agency (CISA) held its second Cybersecurity Advisory Committee meeting Thursday. The Committee, which held its inaugural meeting in December 2021, includes a diverse slate of leaders from across industry, academia, and government. Through their unique insight, the Committee members will ultimately provide recommendations on the development and refinement of CISA’s cybersecurity programs and policies. During today’s meeting, subcommittee chairs provided Director Jen Easterly with an update on the progress being made on key objectives outlined by the Director during the Committee’s inaugural meeting.
“I was thrilled to host CISA’s Cybersecurity Advisory Committee today and hear about the ongoing work of the six subcommittees,” said CISA Director Jen Easterly. “The Committee has truly hit the ground running in scoping key areas of focus to help support our evolution as the nation’s cyber defense agency. I look forward to our next meeting in June where we’ll begin to get a sense of key deliverables.”
During today’s meeting, Committee members provided the following updates on the work of the subcommittees:
- Transforming the Cyber Workforce Subcommittee: Mr. Ron Green, Chief Security Officer, Master Card: The subcommittee is focused on building a comprehensive strategy to identify – and develop – the best pipelines for talent, expand all forms of diversity, and develop retention efforts to keep our best people. During today’s meeting, the subcommittee chair discussed how they are identifying ways to fill existing vacancies and to reduce bureaucratic barriers that impede rapid recruitment and onboarding.
- Turning the Corner on Cyber Hygiene Subcommittee: Mr. George Stathakopoulos, Vice President of Corporate Information Security, Apple: The subcommittee is helping us think through and execute a holistic, scaled approach to ensure that all organizations – public or private, large or small – have the information and resources needed to implement essential security practices. During today’s meeting the subcommittee chair outlined efforts to date, including establishing a national call to action for broader adoption of basic cybersecurity practices, including multi-factor authentication (MFA), supply chain assessment and evaluations, patching known vulnerabilities, and establishing incident response plans.
- Technical Advisory Council: Jeff Moss, Founder and President, DEFCON Communications: The subcommittee is helping further catalyze CISA’s relationship with the technical community to shift the balance in favor of network defenders. During today’s meeting, the subcommittee chair provided an update on a range of initiatives on expanding collaboration with the technical community, including hackers, academics, and researchers. The chair also discussed potential programs that would bring members of the technical and research community into government service for a period of time to actively participate as a member of CISA’s operational teams.
- Protecting Critical Infrastructure from Mis- Dis- and Mal-information (MDM) Subcommittee: Dr. Kate Starbird, Associate Professor, Human-Centered Design & Engineering, University of Washington: The subcommittee is evaluating and providing recommendations on CISA’s role in confronting MDM harmful to critical infrastructure, in particular election infrastructure. During today’s meeting the subcommittee chair discussed strategies to combat MDM, to include relevant data sets and messaging strategies.
- Building Resilience and Reducing Systemic Risk to Critical Infrastructure Subcommittee: Thomas Fanning, Chairman, President and CEO, Southern Company: The subcommittee is helping CISA determine how to best drive national risk management and identify the criteria for scalable, analytic model to guide risk prioritization. During today’s meeting, the subcommittee chair discuss how they are scoping the best frameworks to collaborate with industry to identify systemic risks across National Critical Functions.
- Strategic Communications Subcommittee: Ms. Niloofar Razi Howe, Senior Operating Partner, Energy Impact Partners: The subcommittee is focused on expanding CISA’s reach with critical partners to help build a national culture of cyber resilience. During today’s meeting, the subcommittee chair highlighted how they are identifying any gaps that exist with respect to stakeholder perception, communication, partnership, and engagement and how best to communicate CISA’s longer-term vision, mission, and strategy to all stakeholders, including the general public.
The next Cybersecurity Advisory Committee will be held in-person on June 22, 2022 in Austin, Texas. Details and information on how to attend will be forthcoming.