Readout from CISA’s 2023 Second Quarter Cybersecurity Advisory Committee Meeting
WASHINGTON - Today, the Cybersecurity and Infrastructure Security Agency (CISA) held its second quarter Cybersecurity Advisory Committee (CSAC) meeting.
During the discussion, chairs of each subcommittee gave progress reports on their work. Subcommittees include Transforming the Cyber Workforce, Turning the Corner on Cyber Hygiene, Technical Advisory Council, Building Resilience and Reducing Systemic Risk to Critical Infrastructure, National Cybersecurity Alert System, and Corporate Cyber Responsibility.
“From the launch of the CSAC, I have been and remain tremendously impressed by the thoughtfulness and insight of the committee and I remain grateful for their time and counsel,” said CISA Director Jen Easterly. “The new members sworn in at the March meeting have hit the ground running and, along with the other members, are diligently working to advance CISA’s cybersecurity mission. Their commitment to CISA’s mission and our nation’s cybersecurity is remarkable.”
Each subcommittee provided an update on their work:
Transforming the Cyber Workforce: Committee Vice Chair and Transforming the Cyber Workforce Subcommittee Chair Ron Green reported that the subcommittee has met with public and private sector workforce experts to understand future work trends and to gain insights on managing a hybrid workforce. They are also focusing on best practices to recruit, retain, and develop top talent.
Turning the Corner on Cyber Hygiene: Subcommittee Chair George Stathakopoulos gave an update on the committee’s work to inform and promote CISA’s work to ensure technology products are built to be both secure by default and secure by design. One way the subcommittee is supporting this effort is by listening to and learning from experts working in “target-rich, cyber-poor" sectors such as K-12 school administrators, hospital and healthcare administrators, and leaders in the water sector understanding that they will be beneficiaries of this effort.
Technical Advisory Council (TAC): Subcommittee Member Dr. Kate Starbird reported the subcommittee received multiple briefings related to its taskings on high-risk community protection and memory safety. The TAC has started building out its draft recommendations in response to its tasking.
Building Resilience and Reducing Systemic Risk to Critical Infrastructure: Committee Chairman and Building Resilience and Reducing Systemic Risk to Critical Infrastructure Subcommittee Chair Tom Fanning shared their work to further understand operational collaboration within the 16 critical infrastructure sectors and is holding listening sessions to better understand collaboration within various sectors.
National Cybersecurity Alert System: Subcommittee Chair Chris Inglis provided an update that the subcommittee is looking into existing exemplars and merits of successful systems to evaluate what government, industry, states, and local offices need from an alert system. They plan to hear from various experts on public health alerts, national weather system alerts, and strategic communications.
Corporate Cyber Responsibility: Subcommittee Chair Dave DeWalt shared that the subcommittee is drafting its recommendations to focus on three key themes: 1) education, 2) responsibility, and 3) measurement. The subcommittee has met with a variety of experts, including individuals from the National Association of Corporate Directors, and will next hear from auditors and chief information security officers.
Subcommittees will provide recommendations to CISA during the CSAC’s September quarterly meeting.
Established in 2021, the committee was created to provide recommendations to CISA Director Jen Easterly that will help to advance the cybersecurity mission of CISA as well as to strengthen the cybersecurity of the United States.
The next CISA Cybersecurity Advisory Committee meeting will be held virtually in September. Details and information on how to attend will be forthcoming.
As the nation’s cyber defense agency and national coordinator for critical infrastructure security, the Cybersecurity and Infrastructure Security Agency leads the national effort to understand, manage, and reduce risk to the digital and physical infrastructure Americans rely on every hour of every day.