The Cybersecurity and Infrastructure Security Agency (CISA) held its second quarter Cybersecurity Advisory Committee (CSAC) meeting on June 22, where subcommittee chairs shared progress updates on their work.
The subcommittees are currently working on developing new sets of recommendations for CISA, which they will provide to the agency during CSAC’s next quarterly meeting in September.
“From the launch of the CSAC, I have been and remain tremendously impressed by the thoughtfulness and insight of the committee and I remain grateful for their time and counsel,” said CISA Director Jen Easterly. “The new members sworn in at the March meeting have hit the ground running and, along with the other members, are diligently working to advance CISA’s cybersecurity mission. Their commitment to CISA’s mission and our nation’s cybersecurity is remarkable.”
One of those new members is Chris Inglis – who stepped down as the White House’s national cyber director in February and joined CSAC in March. He has since stepped into a new leadership role on the committee as the chair of the National Cybersecurity Alert System Subcommittee.
Inglis said his subcommittee is looking into existing successful alert systems to evaluate what the government and public need from a cyber alert system. The subcommittee plans to hear from experts on public health alerts, national weather system alerts, and strategic communications to inform its efforts.
In addition to Inglis, other committee leaders who provided updates on their subcommittee’s work include: Committee Vice Chair and Transforming the Cyber Workforce Subcommittee Chair Ron Green, Turning the Corner on Cyber Hygiene Subcommittee Chair George Stathakopoulos, Committee Chairman and Building Resilience and Reducing Systemic Risk to Critical Infrastructure Subcommittee Chair Tom Fanning, and Corporate Cyber Responsibility Subcommittee Chair Dave DeWalt.
Technical Advisory Council (TAC) Subcommittee Chair Jeff Moss was traveling internationally during the meeting, so TAC Subcommittee Member Kate Starbird filled in to provide the subcommittee’s update.
Green shared that his subcommittee has met with public and private sector workforce experts to understand future work trends and gain insights. The subcommittee is focused on best practices to recruit, retain, and develop top cyber talent.
Stathakopoulos shared that his subcommittee is supporting CISA’s secure-by-design and secure-by-default efforts by listening to experts in “target-rich, cyber-poor” sectors, such as those working in K-12 education, healthcare, and the water sector.
As for Fanning, he said his subcommittee is holding listening sessions to better understand the collaboration between various critical infrastructure sectors.
DeWalt shared that his subcommittee “is focused on trying to reduce risk through corporate governance.” The subcommittee has already held multiple briefings with a variety of experts, including individuals from the National Association of Corporate Directors, and hopes to develop a working document this summer.
Starbird – filling in for Moss – shared that the TAC is addressing two work streams, which are high-risk community protection and memory safety. The TAC has started developing recommendations and a report focused on different high-risk communities which it expects to complete by the September CSAC meeting.
The CSAC September quarterly meeting will be held virtually.