The CISA advisory committee has come forward with a comprehensive list of recommendations that could reshape the cybersecurity landscape.
The committee has highlighted the need to enhance the cybersecurity acumen within corporate boards, proposed the creation of a national cybersecurity alert system, and emphasised the protection of high-risk communities against potential surveillance threats.
This recent report from CISA’s Cybersecurity Advisory Committee contains over 100 recommendations and is being hailed as potentially “transformative” by CISA Director Jen Easterly. The committee, featuring an array of respected officials, executives, and lawmakers, including former National Cyber Director Chris Inglis, has had a history of its recommendations being well-received by Director Easterly.
One of the more pressing recommendations comes from the subcommittee focused on corporate cyber responsibility. This subgroup stresses the importance of equipping corporate board members with adequate knowledge and training in cybersecurity, particularly in light of the impending regulations from the Securities and Exchange Commission. Such regulations mandate publicly traded companies to disclose significant breaches in their computer systems and data.
The idea of having a national cybersecurity alert system, managed by CISA, is also a key recommendation. The proposal underscores the need for authoritative and coherent alerts, according to Inglis, stating that these alerts should be actionable.
Another significant finding is from the technical advisory council subcommittee, led by industry figures like Jeff Moss. Their recommendations emphasise the need to offer better protection to high-risk communities, such as NGOs, activists, and journalists, potentially under threat of surveillance and cyber-attacks. This protection would include access to necessary tools and guidance.
Moreover, the cyber workforce committee suggests that CISA should introduce programs to mitigate burnout, facilitate upskilling, and initiate cross-training for the cybersecurity workforce.
Copyright © 2023 RegTech Analyst
Copyright © 2018 RegTech Analyst