The Cybersecurity and Infrastructure Security Agency (CISA) held its first Cybersecurity Advisory Committee meeting today, in which agency officials laid out their expectations for the committee and called for actionable cyber recommendations from committee members that CISA can implement.
Although the committee has “advisory” in its title, John Tien, deputy secretary of the Department of Homeland Security, gave a keynote address in which he explained that CISA could even “add an additional ‘a’” in the committee’s title to stand for “action.”
“Your voices, your thoughts, your brainpower are going to have to help us identify the gaps, the vulnerabilities, and also provide us with some thoughts on solutions,” Tien told the committee members. “Those are voices, those are ideas, those are thoughts, but then it’s going to have to step into action… we need to act.”
CISA Director Jen Easterly explained that the committee will be broken into separate subcommittees, including ones around the transformation of the cyber workforce, how to turn the corner on cyber hygiene, igniting the hacker and researcher community to help on the defensive front, and misinformation and disinformation.
“I welcome this group creating action. This is really just not about being a talking club. This is about leveraging your expertise, your perspective, to make the nation safer. At the end of the day, this is really about implementing those things that will help CISA truly be the nation’s cyber defense agency. That is what the American people need. And that is what the American people deserve,” Easterly said.
“And so I am not looking for a 20-page white paper, I am looking for short info papers from each of the subcommittees that gives a series of recommendations that we can go ahead and implement,” she added.
In addition to the info papers from each of the subcommittees, Easterly said she is also hoping to gain insights from the committee on the Cyber Safety Review Board.
In a “preview of what’s to come” next from CISA, Easterly said her agency has been “spending a lot of time” on the establishment of the board, which was required by President Biden’s cybersecurity executive order and will be comprised of public and private sector stakeholders.