The Cybersecurity and Infrastructure Security Agency (CISA) held its second Cybersecurity Advisory Committee meeting on March 31, where committee members provided updates on their subcommittee work that will help inform key deliverables for the committee’s next meeting in June.
CISA held its first Cybersecurity Advisory Committee meeting on Dec. 10, where agency officials called for actionable cyber recommendations from each subcommittee in the form of short info papers.
In this week’s meeting, subcommittee chairs provided CISA Director Jen Easterly with an update on their progress.
“I was thrilled to host CISA’s Cybersecurity Advisory Committee today and hear about the ongoing work of the six subcommittees,” Easterly said on March 31. “The committee has truly hit the ground running in scoping key areas of focus to help support our evolution as the nation’s cyber defense agency. I look forward to our next meeting in June where we’ll begin to get a sense of key deliverables.”
Ron Green, chief security officer at Master Card and chair of the Transforming the Cyber Workforce Subcommittee, said his subcommittee is working on identifying ways to fill existing vacancies in the cyber workforce and reduce bureaucratic barriers that hinder rapid recruitment and onboarding.
George Stathakopoulos, vice president of corporate information security at Apple and chair of the Turning the Corner on Cyber Hygiene Subcommittee, said his subcommittee’s efforts to date have been focused on a call to action for broader adoption of basic cyber practices, such as multi-factor authentication, supply chain assessment and evaluations, patching known vulnerabilities, and establishing incident response plans.
The Technical Advisory Council, chaired by Jeff Moss, founder and president of DEFCON Communications, is focused on expanding collaboration with the technical community. Moss said his subcommittee is focused on potential programs that would bring members of the technical community – including hackers, academics, and researchers – into the government for a period of time to participate as a member of CISA’s operational teams.
Kate Starbird, associate professor of human-centered design and engineering at the University of Washington and chair of the Protecting Critical Infrastructure from Mis- Dis- and Mal-information (MDM) Subcommittee, said her subcommittee is examining how MDM is harmful to critical infrastructure, especially in election infrastructure. Starbird’s subcommittee discussed strategies to combat MDM, such as relevant data sets and messaging strategies.
Thomas Fanning, chairman, president and CEO of Southern Company and chair of the Building Resilience and Reducing Systemic Risk to Critical Infrastructure Subcommittee, said his subcommittee is identifying the best frameworks to collaborate with industry to identify systemic risks across National Critical Functions.
Finally, the Strategic Communications Subcommittee, chaired by Niloofar Razi Howe, senior operating partner at Energy Impact Partners, said her subcommittee is busy identifying gaps that exist in stakeholder perception, communication, partnership, and engagement. The subcommittee is also looking at how best to communicate CISA’s longer-term vision, mission, and strategy to all stakeholders.
The next Cybersecurity Advisory Committee meeting will be held on June 22 in Austin, Texas.