Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly wants the agency’s Cybersecurity Advisory Committee (CSAC) to stand up a new subcommittee focused on corporate cyber responsibility as part of a move to build a cyber “civil defense” capacity.
During CSAC’s last quarterly meeting of the year on Dec. 6, Easterly explained that corporate responsibility on the security front is an important element of the overall strategic approach to sustainable cybersecurity, “which includes a technology ecosystem that is secure by design and by default.”
“It’s essential that the CSAC does focus on how industry effectively manages cybersecurity risks,” Easterly said. “It’s really about what tech companies and software providers have to do to move away from technology superhighways that have become unsafe [and] can decrease safer products and stop placing the burden of security on consumers.”
In addition, Easterly explained that persistent collaboration in this area with a myriad of partners, and where the government is seen as transparent and responsive, will add value and not burden to the private sector.
She described that kind of effort as a form of cyber civil defense, which is “a nationwide focus on cyber hygiene, cyber safety, education, and cyber resources and services being more widely available to target rich cyber core entities across the nation.”
Other CSAC Priorities for 2023
During the Dec. 6 meeting, Easterly also laid out 2023 priority items for other CSAC subcommittees. Some subcommittees Director Easterly pinpointed for 2023 work include:
- Transforming the Cyber Workforce Subcommittee;
- Turning the Corner on Cyber Hygiene Subcommittee; and
- Protecting Critical Infrastructure from Mis- Dis- and Mal (MDM) information Subcommittee.
The Transforming the Cyber Workforce Subcommittee is focused on building a comprehensive strategy to identify and develop the best pipelines for talent. Easterly wants to refocus on how CISA can develop a cyber talent management ecosystem and a people-first culture in cybersecurity practices.
“I am intent on shaping and envisioning our workforce to ensure that it meets the challenges that we meet in the coming years,” Easterly said.
The Turning the Corner on Cyber Hygiene Subcommittee provides insight into how to execute a holistic, scaled approach to ensure that all organizations have the information and resources needed to implement essential security practices.
In working with the subcommittee, Easterly wants to focus on shaping the technology ecosystem to be both secure by design and secure by default, while supporting the growth of civil cyber defense initiatives. Easterly also wants a renewed focus on providing support to those target-rich cyber core sectors, including oil and water facilities, and more broadly, small businesses.
The Protecting Critical Infrastructure from MDM information Subcommittee evaluates and provides recommendations on CISA’s role in confronting MDM information harmful to critical infrastructure and particular election infrastructure.
To ensure the security and resilience of the nation’s election infrastructure, Easterly wants a renewed focus on ensuring that election officials across the country have the tools, resources, capabilities, and information they need to ensure the security and resilience of the nation’s election infrastructure.
“We’re going to be laser-focused in the coming year on our support to state and local election officials as you prepare for the general election in 2024,” she pledged.