Virtual Event: Threat Detection and Incident Response Summit - Watch Sessions
Connect with us

Hi, what are you looking for?


Management & Strategy

CISA Expands Cybersecurity Committee, Updates Baseline Security Goals

CISA announces adding more experts to its Cybersecurity Advisory Committee and updating the Cybersecurity Performance Goals.

The US Cybersecurity and Infrastructure Security Agency (CISA) this week announced adding more experts to its Cybersecurity Advisory Committee (CSAC) and updating the baseline cybersecurity goals introduced last year.

CISA on Monday announced over a dozen new members of the CSAC, whose role is to advise the agency’s director on policies and programs.

Members of the advisory committee include cybersecurity, tech, privacy, risk management and resilience experts from public and private sector organizations. 

New members from the private sector include Dave DeWalt, CEO and founder of NightDragon; Brian Gragnolati, president and CEO of Atlantic Health System; Royal Hansen, VP of privacy, safety and security engineering at Google; Rahul Jalali, SVP and CIO at Union Pacific; Cathy Lanier, SVP and CSO at the NFL; Doug Levin, co-founder and national director at K12 Security Information eXchange; Kevin Tierney, VP and CSO at General Motors; and Alex Tosheff, SVP and CSO at VMware.

The new members who bring in expertise on the government side include Chris Inglis, former national cyber director; former representatives John Katko and Jim Langevin; Ciaran Martin, former CEO of the UK’s National Cyber Security Centre; and Robert Scott, commissioner at the New Hampshire Department of Environmental Services.

“Chosen for their deep expertise in critical infrastructure, cybersecurity, and governance, these members will add important new perspectives to the CSAC’s work, particularly given this year’s additional focus on corporate cyber responsibility, technology product safety, and efforts to raise the cyber hygiene baseline of ‘target rich-cyber poor’ entities like hospitals, K-12 school districts, and water utilities,” said CISA Director Jen Easterly.

On Tuesday, CISA announced that it has updated the cross-sector cybersecurity performance goals (CPGs) unveiled last year. 

Advertisement. Scroll to continue reading.

The changes have been made based on feedback from stakeholders, who asked for the goals to be more easily traceable to the NIST Cybersecurity Framework. In response, CISA reorganized the goals to match the NIST framework.

The CPGs were created to help critical infrastructure and other organizations prioritize cybersecurity investments and address critical risks.

The CPGs focus on a prioritized subset of IT and OT security practices that can help reduce the likelihood and impact of risks and adversary techniques. In addition, they can serve as a benchmark for measuring and improving cybersecurity maturity.

Related: Digesting CISA’s Cross-Sector Cybersecurity Performance Goals

Related: CISA Seeks Public Opinion on Cloud Application Security Guidance

Related: CISA Program Warns Critical Infrastructure Organizations Vulnerable to Ransomware Attacks

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...