The Cybersecurity and Infrastructure Security Agency (CISA) held its third quarter Cybersecurity Advisory Committee (CSAC) meeting on Sept. 13, where members voted to approve a number of recommendations offered by each subcommittee to the agency, including one that could result in the creation of a national cyber alert system.
During the two-hour meeting, the subcommittee chairs shared their recommendations – which they detailed in a 64-page report to CISA Director Jen Easterly – all of which are aimed at strengthening the nation’s cybersecurity.
One notable recommendation that the committee approved was to create a 24/7 national cybersecurity alert system to share actionable cyber threat warning information. Chris Inglis – who stepped down as the White House’s national cyber director in February and joined CSAC in March – is leading the subcommittee behind this effort.
“We do think there’s a genuine need for actionable, granular kind of information that constitutes an alert system and that is actually curated over time,” Inglis said during the meeting. “So, if we go shields up, we know why we’ve done that. And we know when to bring those shields down to some degree so that we can actually target this for the circumstances. We think CISA is the right organization to lead this.”
Inglis also explained that the ongoing rulemaking process for the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) serves as “a great opportunity” to create this alert system and use the incoming information.
CIRCIA – which was signed into law in March 2022 – requires CISA to develop and implement regulations requiring covered entities to report cyber incidents and ransomware payments to the government.
Earlier this month, Easterly said that CISA is currently finishing up work on the Notice of Proposed Rulemaking for its cyber incident reporting rule, which she said “should be out later this year or early next year.”
The CISA director called Inglis’ recommendations “terrific” and shared her excitement for CIRCIA to better inform a national cybersecurity alert system.
“I am extremely excited about getting the CIRICA rule in place, because I think, without something like that, we just don’t understand the ecosystem,” Easterly told the CSAC members. “We just only have an anecdotal feel. And I think that’s exactly right, that we can use that data to better inform an alert system that will, in fact, be actionable.”
The full report of the committee’s recommendations will now be submitted to Easterly in written form and posted on cisa.gov.
During the meeting, the committee also elected Ron Green, chief security officer at Master Card, as the new committee chair and Dave DeWalt, CEO and founder of NightDragon, as the vice chair. Green and DeWalt will serve in the positions for two-year terms effective Dec. 1.
Easterly also thanked the 10 departing members whose two-year terms will expire on Nov. 30: Steve Adler, Tom Fanning, Vijaya Gadde, Nuala O’Connor, Matthew Prince, Steve Schmidt, Alex Stamos, Kate Starbird, Alicia Tate-Nadeau, and Chris Young.
“I am super grateful to these outstanding professionals who gave their time and expertise to develop recommendations aimed at advancing CISA’s role as America’s cyber defense agency. They’ve made an invaluable impact on the cybersecurity posture of the United States,” Easterly said.
The next CSAC meeting will be held in person in December.
