CISA adds Inglis, Langevin, Katko and more to Advisory Committee

The Cybersecurity and Infrastructure Security Agency (CISA) added 13 new members to its Cybersecurity Advisory Committee, including former representatives like John Katko and Jim Langevin as well as former U.S. National Cyber Director Chris Inglis.

Google's Royal Hansen and former U.K. National Cyber Security Centre CEO Ciaran Martin were also added to the committee, which is made up of public and private cybersecurity experts who provide recommendations on policies, programs and planning.

Several private sector cybersecurity leaders from organizations like the NFL, General Motors, VMware, Union Pacific and Atlantic Health System were also included.

“I am thrilled to welcome our newest members, who bring a wealth of experience from across government and industry and look forward to their added perspectives in making recommendations to build a more cyber resilient nation to confront the cybersecurity challenges we face,” CISA Director Jen Easterly said during the committee’s sixth overall meeting and its first of 2023. “The insightful recommendations the Committee has already developed, and their continuous work are instrumental in helping CISA become the Nation’s Cyber Defense Agency our nation needs and deserves.”

She noted that the private sector additions to the group will help in CISA’s mission to follow through on a White House pledge to “encourage technology manufacturers to build products that are both secure by default and secure by design.”

The committee was created in 2021 to provide the agency with recommendations on ways the cybersecurity of the United States could be improved. Easterly noted that their first meeting was right after the ubiquitous Log4j vulnerability came to light.

One of the most notable suggestions made was for the creation of a '311’ emergency call line and clinics to provide assistance to small and medium-sized businesses after cyber incidents.

On Tuesday, Committee member Bobby Chesney, who serves as the dean of the University of Texas School of Law, said that effort is still being fleshed out in Texas.

Overall, Easterly said the committee has made 29 recommendations to CISA – all of which were “accepted or partially accepted” by the agency. Some are broad concepts that will be incorporated into CISA’s mission statements and others are projects CISA plans to work on moving forward.

The most notable of these is the identification of systematically important entities, something Easterly said is the “essential first step to managing and reducing risk.”

Another key goal of CISA is forming deeper partnerships with U.S. departments to amplify the importance of cybersecurity in every sector. Easterly said CISA is now working on developing deeper ties to officials within the Education Department as well as Health and Human Services, the U.S. Environmental Protection Agency and several others.

CISA said the partnerships will allow them to share more threat intelligence with agencies managing sectors that are being hit by waves of cyberattacks like K-12 schools and hospitals.

Easterly added that one recommendation CISA has already started work on is around elections, sharing intelligence and research with election officials in every state to better protect elections from influence operations.

“We're going to continue to provide information on resilience-building measures to state and local election officials who are on the frontlines of protecting democracy and on what they can do to reduce foreign influence operations and disinformation,” she said.