The Cybersecurity and Infrastructure Security Agency (CISA) said late Wednesday that it has accepted in whole or in part 29 recommendations put forth by its Cybersecurity Advisory Committee (CSAC), which was created to provide cybersecurity recommendations to CISA Director Jen Easterly.
At CSAC’s sixth meeting on March 21 – the first quarterly meeting of 2023 – Easterly welcomed the new members announced earlier this week and thanked the committee for its thoughtful recommendations thus far.
“This is not about creating hundreds of pages of a document that may or may not see implementation. This is really about specific recommendations that can help us build a cyber defense agency that the nation needs and that the nation deserves,” Easterly said during the meeting. “So, I’ve been really excited to see the recommendations and the advice that’s come out of this group, and I couldn’t be more thrilled to bring on a new tranche of 13 members.”
The committee submitted 29 recommendations at the September 2022 meeting, and CISA accepted or partially accepted all of the recommendations in its formal response this month.
Some of these recommendations include: identify systemically important entities; develop a common framework for the analysis of systemic risk within national critical functions; establish outcome-based national resiliency goals; and partner with sectors to establish sector resiliency goals.
The chairs of each subcommittee – including Transforming the Cyber Workforce, Turning the Corner on Cyber Hygiene, Technical Advisory Council, Building Resilience and Reducing Systemic Risk to Critical Infrastructure, National Cybersecurity Alert System, and Corporate Cyber Responsibility – each discussed the work to come based on CISA’s feedback regarding their recommendations.
“They were very detailed recommendations, and we appreciate your thoughtful response,” Tom Fanning, the advisory committee’s chair, said to Easterly. “I think the real key here is building on the word collaboration, which is a reimagination of the national security framework of this nation.”
“Directory Easterly and her team have been very transparent, both in explaining the work that they are doing and then describing the challenges that they are facing,” he added. “I certainly thank them for their continued commitment to transparency and growth, which is a testament to the partnerships that the agency is fostering with the private sector and other stakeholders.”
In fiscal year 2022, the committee held four quarterly meetings and 94 subcommittee meetings, and provided Easterly with 53 recommendations to better address emerging cybersecurity threats.
The next CISA Cybersecurity Advisory Committee meeting will be in-person in June.