{"id":5748,"date":"2024-10-11T16:38:27","date_gmt":"2024-10-11T21:38:27","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=82128"},"modified":"2024-10-11T16:38:27","modified_gmt":"2024-10-11T21:38:27","slug":"cisa-advisory-committee-approves-four-draft-reports-on-critical-infrastructure-resilience","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2024\/10\/11\/cisa-advisory-committee-approves-four-draft-reports-on-critical-infrastructure-resilience\/","title":{"rendered":"CISA advisory committee approves four draft reports on critical infrastructure resilience"},"content":{"rendered":"<p><head> <meta charset=\"UTF-8\"> <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\"> <meta name=\"robots\" content=\"index, follow, max-image-preview:large, max-snippet:-1, max-video-preview:-1\"> <!-- This site is optimized with the Yoast SEO Premium plugin v21.7 (Yoast SEO v21.7) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ --> <title>CISA advisory committee approves four draft reports on critical infrastructure resilience | CyberScoop<\/title> <meta name=\"description\" content=\"Each report includes recommendations for the cyber agency to tackle, with the overarching goal of combating threats from China.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/cisa-cybersecurity-advisory-committee-october-report\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"CISA advisory committee approves four draft reports on critical infrastructure resilience\"> <meta property=\"og:description\" content=\"Each report includes recommendations for the cyber agency to tackle, with the overarching goal of combating threats from China.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/cisa-cybersecurity-advisory-committee-october-report\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta 
property=\"article:published_time\" content=\"2024-10-11T21:38:27+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/cisa-advisory-committee-approves-four-draft-reports-on-critical-infrastructure-resilience-2.jpg\"> <meta property=\"og:image:width\" content=\"1920\"> <meta property=\"og:image:height\" content=\"1278\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"Christian Vasquez\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@chrismvasq\"> <!-- \/ Yoast SEO Premium plugin. --> <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1725982252g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1725466133g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1728669090g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=ada0ad45b21fc79c6694\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/82128\"><link rel=\"EditURI\" 
type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.6.2\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=82128\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fcisa-cybersecurity-advisory-committee-october-report%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fcisa-cybersecurity-advisory-committee-october-report%2F&amp;format=xml\"> <!-- Google Tag Manager --> <!-- End Google Tag Manager --> <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"post-template-default single single-post postid-82128 single-format-standard\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/cisa-cybersecurity-advisory-committee-october-report\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> 
<\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"25.506147540984\">\n<div class=\"single-article__header-content\" readability=\"30.548872180451\">\n<ul class=\"single-article__eyebrow\">\n<li class=\"single-article__category\"> <a class=\"single-article__category-link\" href=\"https:\/\/cyberscoop.com\/news\/government\/\"> <span>Government<\/span> <\/a> <\/li>\n<\/ul>\n<p> Each report includes recommendations for the cyber agency to tackle, with the overarching goal of combating threats from China. 
<\/p>\n<p> <!-- Listen to this article section --> <!-- End of audio player --> <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"426\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/cisa-advisory-committee-approves-four-draft-reports-on-critical-infrastructure-resilience.jpg?resize=640%2C426&#038;ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/cisa-advisory-committee-approves-four-draft-reports-on-critical-infrastructure-resilience-2.jpg 1920w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/cisa-advisory-committee-approves-four-draft-reports-on-critical-infrastructure-resilience-2.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/cisa-advisory-committee-approves-four-draft-reports-on-critical-infrastructure-resilience-2.jpg?resize=768,511 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/cisa-advisory-committee-approves-four-draft-reports-on-critical-infrastructure-resilience-2.jpg?resize=1024,682 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/cisa-advisory-committee-approves-four-draft-reports-on-critical-infrastructure-resilience-2.jpg?resize=1536,1022 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/cisa-advisory-committee-approves-four-draft-reports-on-critical-infrastructure-resilience-2.jpg?resize=600,399 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/cisa-advisory-committee-approves-four-draft-reports-on-critical-infrastructure-resilience-2.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/cisa-advisory-committee-approves-four-draft-reports-on-critical-infrastructure-resilience-2.jpg?resize=506,337 506w, 
https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/cisa-advisory-committee-approves-four-draft-reports-on-critical-infrastructure-resilience-2.jpg?resize=1014,675 1014w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/cisa-advisory-committee-approves-four-draft-reports-on-critical-infrastructure-resilience-2.jpg?resize=1266,843 1266w\" sizes=\"(max-width: 1014px) 100vw, 1014px\"><figcaption> Cybersecurity and Infrastructure Security Agency Director Jen Easterly testified before a House Homeland Security Subcommittee, at the Rayburn House Office Building on April 28, 2022. (Photo by Kevin Dietsch\/Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"45.393395133256\"><body readability=\"93.644910807975\"><\/p>\n<p>An advisory committee to the Cybersecurity and Infrastructure Security Agency on Friday approved a series of reports to be delivered to the agency aimed at boosting national cyber resilience, increasing public awareness of CISA efforts, and better securing the world\u2019s digital ecosystem.<\/p>\n<p>Members of CISA\u2019s Cybersecurity Advisory Committee approved the <a href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2024\/10\/CISA-Cybersecurity-Advisory-Committee_DRAFT-Recommendations_20241011.pdf\">four draft reports<\/a> and multiple recommendations in response to looming threats by Chinese hackers to critical infrastructure. 
The reports were drafted by subcommittees and focused on building up the nation\u2019s critical infrastructure resilience, ensuring widespread adoption of the agency\u2019s secure-by-design initiative, increasing public awareness, and solving the messy issue around securing the open-source software supply chain.<\/p>\n<p>CISA Director Jen Easterly praised the committee\u2019s work during Friday\u2019s meeting and commented on the \u201ccontinued attacks on our most sensitive critical infrastructure by Chinese state-sponsored cyber actors, and of course, we\u2019re less than a month away from the presidential election with a threat environment that is more complex than it has ever been.\u201d<\/p>\n<p>Easterly noted that during a recent trip to Omaha, she met with election officials from Nebraska, Iowa, Kansas, Missouri, and South Dakota, and with the CEO and chief information security officer at the voting software company Election Systems &amp; Software.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>\u201cThe reality is that election infrastructure has never been more secure and the election stakeholder community has never been better prepared,\u201d Easterly said.<\/p>\n<p>The report written by the building resilience subcommittee found that critical infrastructure and federal agencies are \u201cnot prepared\u201d for the hostile actions likely to result from nation-state conflicts. 
The report also noted that China\u2019s use of \u201cliving off the land\u201d techniques, which rely on software already present on targeted systems, challenges usual threat detection methods.<\/p>\n<p>The report on building resilience included recommendations for CISA\u2019s Joint Cyber Defense Collaborative to assist federal agencies working with critical infrastructure, specifically around resilience and contingency planning in preparation for a successful cyberattack.&nbsp;<\/p>\n<p>CISA is also pushed in the report to help fill in resource gaps for smaller critical organizations and agencies. The report said the agency should measure the potential impact of federal advisories around Chinese hackers, particularly Volt Typhoon-related threats.<\/p>\n<p>The secure-by-design subcommittee encouraged wider adoption of the agency\u2019s software development initiative. Additionally, that group found that representatives from the public and private sector challenged some of the \u201cfundamental thinking in this space,\u201d such that \u201cthere is often no empirical evidence to substantiate some of its long-held security beliefs.\u201d For example, the report challenged ideas that major hacks will impact customer loyalty to the victim company or the \u201ccommonly held belief that fixing vulnerabilities earlier is more cost effective.\u201d<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>The report recommended the commissioning of a study that clearly quantifies the financial and customer impacts from major breaches and addresses ways to fix vulnerabilities in the design process.<\/p>\n<p>A report from the strategic communications subcommittee focused on answering how the agency can spread messages more effectively with the American people and industry. 
The subcommittee noted that CISA\u2019s communications budget falls well below other public-driven federal agencies, particularly when it comes to crisis communications. Additionally, CISA should look to performance indicators and incorporate successful strategies by corporate and agency leaders.<\/p>\n<p>\u201cCISA should continue its consistent cadence of media outreach, including, but not limited to, quarterly background briefings with cybersecurity journalists at major media publications, and cybersecurity trade publications, to provide a regular dialogue with them on CISA\u2019s top mission and communications priorities,\u201d the report stated.<\/p>\n<p>The technical advisory subcommittee report on open-source software, meanwhile, said the increasingly complex supply chain and the maze of dependencies are seen by hackers as easy targets with high-end rewards. Open-source software and components are found in the bulk of modern applications and the \u201cstatus quo of willful ignorance of security in software dependencies\u201d will only lead to more attacks by nation-backed hackers, the report noted.<\/p>\n<p>One recommendation said an \u201caccountable intermediary\u201d can mitigate \u201cas is\u201d risk presented by open-source programs, moving some accountability from the consumer and producer to those with more resources.<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"1.2281553398058\">\n<div class=\"author-card\" readability=\"9\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/cisa-advisory-committee-approves-four-draft-reports-on-critical-infrastructure-resilience-1.jpg?w=640&#038;ssl=1\" alt=\"Christian Vasquez\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Christian Vasquez<\/h4>\n<p> Christian covers 
industrial cybersecurity for CyberScoop News. He previously wrote for E&amp;E News at POLITICO covering cybersecurity in the energy sector. Reach out:&nbsp; christian.vasquez at cyberscoop dot com <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p> <!-- .popular-stories__stories --> <\/div>\n<p><!-- .popular-stories__inner -->\n<\/div>\n<p><!-- .popular-stories --> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Geopolitics<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div 
id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p> <!-- Start of HubSpot Embed Code --> <!-- End of HubSpot Embed Code --> <\/body> <a href=\"https:\/\/cyberscoop.com\/cisa-cybersecurity-advisory-committee-october-report\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>CISA advisory committee approves four draft reports on critical infrastructure<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[413,2172,452,293,117,722,439],"tags":[415,2175,454,299,119,723,443],"class_list":["post-5748","post","type-post","status-publish","format-standard","hentry","category-critical-infrastructure","category-cybersecurity-advisory-committee","category-cybersecurity-and-infrastructure-security-agency-cisa","category-department-of-homeland-security-dhs","category-government","category-jen-easterly","category-policy","tag-critical-infrastructure","tag-cybersecurity-advisory-committee","tag-cybersecurity-and-infrastructure-security-agency-cisa","tag-department-of-homeland-security-dhs","tag-government","tag-jen-easterly","tag-policy"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/critical-infrastructure\/\" rel=\"category tag\">critical infrastructure<\/a> <a 
href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity-advisory-committee\/\" rel=\"category tag\">cybersecurity advisory committee<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity-and-infrastructure-security-agency-cisa\/\" rel=\"category tag\">Cybersecurity and Infrastructure Security Agency (CISA)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/department-of-homeland-security-dhs\/\" rel=\"category tag\">Department of Homeland Security (DHS)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/government\/\" rel=\"category tag\">Government<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/jen-easterly\/\" rel=\"category tag\">Jen Easterly<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/policy\/\" rel=\"category tag\">Policy<\/a>","tag_info":"Policy","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/5748","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=5748"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/5748\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=5748"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=5748"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=5748"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated
":true}]}}