CONFERENCE Watch Now: Threat Detection & Incident Response (TDIR) Summit - Watch Event On-Demand
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Management & Strategy

CISA Expands Cybersecurity Committee, Updates Baseline Security Goals

CISA announces adding more experts to its Cybersecurity Advisory Committee and updating the Cybersecurity Performance Goals.

The US Cybersecurity and Infrastructure Security Agency (CISA) this week announced adding more experts to its Cybersecurity Advisory Committee (CSAC) and updating the baseline cybersecurity goals introduced last year.

CISA on Monday announced over a dozen new members of the CSAC, whose role is to advise the agency’s director on policies and programs.

Members of the advisory committee include cybersecurity, tech, privacy, risk management and resilience experts from public and private sector organizations. 

New members from the private sector include Dave DeWalt, CEO and founder of NightDragon; Brian Gragnolati, president and CEO of Atlantic Health System; Royal Hansen, VP of privacy, safety and security engineering at Google; Rahul Jalali, SVP and CIO at Union Pacific; Cathy Lanier, SVP and CSO at the NFL; Doug Levin, co-founder and national director at K12 Security Information eXchange; Kevin Tierney, VP and CSO at General Motors; and Alex Tosheff, SVP and CSO at VMware.

The new members who bring in expertise on the government side include Chris Inglis, former national cyber director; former representatives John Katko and Jim Langevin; Ciaran Martin, former CEO of the UK’s National Cyber Security Centre; and Robert Scott, commissioner at the New Hampshire Department of Environmental Services.

“Chosen for their deep expertise in critical infrastructure, cybersecurity, and governance, these members will add important new perspectives to the CSAC’s work, particularly given this year’s additional focus on corporate cyber responsibility, technology product safety, and efforts to raise the cyber hygiene baseline of ‘target rich-cyber poor’ entities like hospitals, K-12 school districts, and water utilities,” said CISA Director Jen Easterly.

On Tuesday, CISA announced that it has updated the cross-sector cybersecurity performance goals (CPGs) unveiled last year. 

The changes have been made based on feedback from stakeholders, who asked for the goals to be more easily traceable to the NIST Cybersecurity Framework. In response, CISA reorganized the goals to match the NIST framework.

Advertisement. Scroll to continue reading.

The CPGs were created to help critical infrastructure and other organizations prioritize cybersecurity investments and address critical risks.

The CPGs focus on a prioritized subset of IT and OT security practices that can help reduce the likelihood and impact of risks and adversary techniques. In addition, they can serve as a benchmark for measuring and improving cybersecurity maturity.

Related: Digesting CISA’s Cross-Sector Cybersecurity Performance Goals

Related: CISA Seeks Public Opinion on Cloud Application Security Guidance

Related: CISA Program Warns Critical Infrastructure Organizations Vulnerable to Ransomware Attacks

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this event as we dive into threat hunting tools and frameworks, and explore value of threat intelligence data in the defender’s security stack.

Register

Learn how integrating BAS and Automated Penetration Testing empowers security teams to quickly identify and validate threats, enabling prompt response and remediation.

Register

People on the Move

Jeremy Koppen has left Mandiant after 13 years to become the CISO of Equifax.

Engineering and technology solutions provider Amentum has appointed Max Shier as its CISO.

PAM provider Keeper Security has appointed Shane Barney as its Chief Information Security Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.