Overview

The inaugural meeting of the CISA Cybersecurity Advisory Committee (CSAC) was held in December 2021.  For highlights and our analysis of the meeting, see   A Call to Action from CISA’s Jen Easterly and Def Con’s Jeff Moss at Inaugural CISA Advisory Committee Mtg.

The second meeting of the committee was held in March 2022.   Open remarks were addressed to the committee by:

• The Honorable Jen Easterly, Director, Cybersecurity and Infrastructure Security Agency (CISA)
• Mr. Tom Fanning, CISA Cybersecurity Advisory Committee (CSAC) Chair
• Mr. Ron Green, CISA CSAC Vice Chair

The following subcommittee chairs provided updates:

• Mr. Ron Green, Transforming the Cyber Workforce
• Mr. George Stathakopoulos, Turning the Corner on Cyber Hygiene
• Mr. Jeff Moss, Technical Advisory Council
• Dr. Kate Starbird, Protecting Critical Infrastructure from Misinformation and Disinformation
• Mr. Tom Fanning, Building Resilience and Reducing Systemic Risk to Critical Infrastructure
• Ms. Niloo Howe, Strategic Communications

Next Meeting is to be held in June 2022

A public comment period is scheduled for each committee meeting.  We encourage OODA Loop members to participate in this public-facing cybersecurity community event.  According to CISA, The next Cybersecurity Advisory Committee will be held in person on June 22, 2022, in Austin, Texas. Details and information on how to attend will be forthcoming.

“The Committee has truly hit the ground running in scoping key areas of focus to help support our evolution as the nation’s cyber defense agency. I look forward to our next meeting in June where we’ll begin to get a sense of key deliverables,” said CISA Director Jen Easterly.

Subcommittee Updates

Subcommittee chairs provided the following updates on the progress being made on key objectives outlined during the Committee’s inaugural meeting:

Transforming the Cyber Workforce Subcommittee – Mr. Ron Green, Chief Security Officer, Master Card: The subcommittee is focused on building a comprehensive strategy to identify – and develop – the best pipelines for talent, expand all forms of diversity, and develop retention efforts to keep our best people. The subcommittee chair discussed how they are identifying ways to fill existing vacancies and reduce bureaucratic barriers that impede rapid recruitment and onboarding.

Turning the Corner on Cyber Hygiene Subcommittee – Mr. George Stathakopoulos, Vice President of Corporate Information Security, Apple: The subcommittee is helping us think through and execute a holistic, scaled approach to ensure that all organizations – public or private, large or small – have the information and resources needed to implement essential security practices.  The subcommittee chair outlined efforts to date, including establishing a national call to action for broader adoption of basic cybersecurity practices, including multi-factor authentication (MFA), supply chain assessment and evaluations, patching known vulnerabilities, and establishing incident response plans.

Technical Advisory Council – Jeff Moss, Founder and President, DEFCON Communications: The subcommittee is helping further catalyze CISA’s relationship with the technical community to shift the balance in favor of network defenders. The subcommittee chair provided an update on a range of initiatives for expanding collaboration with the technical community, including hackers, academics, and researchers. The chair also discussed potential programs that would bring members of the technical and research community into government service for a period of time to actively participate as a member of CISA’s operational teams.

Protecting Critical Infrastructure from Mis- Dis- and Mal-information (MDM) Subcommittee – Dr. Kate Starbird, Associate Professor, Human-Centered Design & Engineering, University of Washington: The subcommittee is evaluating and providing recommendations on CISA’s role in confronting MDM harmful to critical infrastructure, in particular election infrastructure.   The subcommittee chair discussed strategies to combat MDM, including relevant data sets and messaging strategies.

Building Resilience and Reducing Systemic Risk to Critical Infrastructure Subcommittee – Thomas Fanning, Chairman, President and CEO, Southern Company: The subcommittee is helping CISA determine how to best drive national risk management and identify the criteria for a scalable, analytic model to guide risk prioritization. The subcommittee chair discussed how they are scoping the best frameworks to collaborate with industry to identify systemic risks across National Critical Functions.

Strategic Communications Subcommittee: Ms. Niloofar Razi Howe, Senior Operating Partner, Energy Impact Partners: The subcommittee is focused on expanding CISA’s reach with critical partners to help build a national culture of cyber resilience. The subcommittee chair highlighted how they are identifying any gaps that exist with respect to stakeholder perception, communication, partnership, and engagement and how best to communicate CISA’s longer-term vision, mission, and strategy to all stakeholders, including the general public.

Further Resources

For the readout from the meeting, see  CISA’s Second Cybersecurity Advisory Committee Meeting.

March 2022 CSAC Quarterly Meeting Agenda

December 2021 CSAC Kickoff Meeting Agenda

December 2021 CSAC Kickoff Meeting Summary

https://oodaloop.com/archive/2021/12/13/a-call-to-action-from-cisas-jen-easterly-and-def-cons-jeff-moss-at-inaugural-cisa-advisory-committee-mtg/

Stay Informed

It should go without saying that tracking threats are critical to inform your actions. This includes reading our OODA Daily Pulse, which will give you insights into the nature of the threat and risks to business operations.

Related Reading:

Black Swans and Gray Rhinos

Now more than ever, organizations need to apply rigorous thought to business risks and opportunities. In doing so it is useful to understand the concepts embodied in the terms Black Swan and Gray Rhino. See: Potential Future Opportunities, Risks and Mitigation Strategies in the Age of Continuous Crisis

Cybersecurity Sensemaking: Strategic intelligence to inform your decisionmaking

The OODA leadership and analysts have decades of experience in understanding and mitigating cybersecurity threats and apply this real-world practitioner knowledge in our research and reporting. This page on the site is a repository of the best of our actionable research as well as a news stream of our daily reporting on cybersecurity threats and mitigation measures. See: Cybersecurity Sensemaking

Corporate Sensemaking: Establishing an Intelligent Enterprise

OODA’s leadership and analysts have decades of direct experience helping organizations improve their ability to make sense of their current environment and assess the best courses of action for success going forward. This includes helping establish competitive intelligence and corporate intelligence capabilities. Our special series on the Intelligent Enterprise highlights research and reports that can accelerate any organization along its journey to optimized intelligence. See: Corporate Sensemaking

The OODAcast Video and Podcast Series

In 2020, we launched the OODAcast video and podcast series designed to provide you with insightful analysis and intelligence to inform your decision-making process. We do this through a series of expert interviews and topical videos highlighting global technologies such as cybersecurity, AI, and quantum computing along with discussions on global risk and opportunity issues. See: The OODAcast