CISA weeks away from naming members to new advisory, investigative panels

The Cybersecurity and Infrastructure Security Agency is close to unveiling the roster for a new advisory and investigative panels that will help steer the organization’s strategy and analyze major digital incidents, a senior official said on Tuesday.

“In the coming weeks, we'll be announcing our Cybersecurity Advisory Committee and the Cyber Safety Review Board, two groups of outstanding thought leaders and experts who will provide critical perspective, insight and knowledge in dealing with our most difficult cyber challenges,” Brandon Wales, CISA’ executive director, told the House Oversight Committee.

The Homeland Security Department officially created the Cybersecurity Advisory Committee earlier this month. The committee’s goal will be to "develop, at the request of the CISA Director, recommendations on matters related to the development, refinement, and implementation of policies, programs, planning, and training pertaining to the cybersecurity mission of the agency.”

The panel was initially authorized in the fiscal 2021 National Defense Authorization Act. The bill limits membership to 35 individuals and stipulates that it must feature at least one member from 12 key industries, including financial services, information technology and communications and healthcare. The remaining slots will be filled by CISA Director Jen Easterly.

Speaking at an event last week hosted by Wired, Easterly signaled that she would name members of the hacking community to the advisory committee.

“At the end of the day, I feel like that's my community, man, and we want to ignite the power of hackers and researchers and academics,” according to Easterly. 

The Cyber Safety Review Board was established earlier this year when President Joe Biden issued his sweeping executive order to boost the resilience of federal networks and systems. 

It would investigate major incidents involving computers at civilian agencies, similar to the way the National Transportation Safety Board examines aviation disasters.

The board will include members from the government and the private sector and convene at the discretion of the president or the DHS secretary or whenever an entity known as a Cyber Unified Coordination Group is stood up.

The last such group was created late last year in response to the SolarWinds hack. It was composed of representatives from CISA, FBI and the Office of the Director of National Intelligence — supported by the NSA — to oversee the federal government’s response to the massive campaign.