A new interagency working group led by the Cybersecurity and Infrastructure Agency (CISA) is looking to bolster industry participation in its effort to better protect industrial control systems, with plans to hold a series of meetings with private sector officials over the next few months.
Richard Driggers, deputy assistant director for cyber security for the Department of Homeland Security’s CISA, told attendees at a Fifth Domain event on Tuesday, the group will meet with top private sector technology officials before the end of the year before holding an executive committee meeting in early 2020 with “senior industry leaders.”
“We need to share information about what the threat landscape looks like. We need to work very closely together to make sure that we’re driving down and mitigating risks for industrial control systems,” Driggers said.
CISA, which was stood up under DHS a year ago, established a working group with the Pentagon, Department of Energy, NIST and others, to take a whole of government approach to mitigating industrial control systems security risks, according to Driggers.
Driggers said the effort must now be expanded to include insight from industry on where the federal government can provide a more efficient means to assist with security and risk reduction efforts.
“We’ve been doing a little bit of this in the past couple of years, but we need to do more. We’re going to open up the interagency working group and bring in, at the practitioner-level, private sector partners to participate with us,” Driggers said. “We’ve listened to industry over the past two to three years about what they want government to do, and we’ve settled on four workstreams for this interagency working group.”
The group’s four focus areas include enhancing security standards and developing best practices, gaining a holistic view of control system supply chains, improving threat response efforts and growing the cyber security workforce.
Driggers specifically emphasized the need to work with the private sector to collectively approach supply chain risk management issues to better secure industrial control systems.
“We have and will continue to work with the private sector and developers to weigh more heavily national security issues and their decision making processes, while strengthening and building partnerships and programs to foster innovation,” Driggers said. “We must become more proactive by stopping potentially harmful products from being placed on our networks and systems in the first place.”