A revised government-industry council devoted to critical infrastructure protection could be set up to have broader and more specific discussions on things like cybersecurity and threats to hardware and software that monitor and control industrial processes, known as operational technology (OT).
A top official at the Cybersecurity and Infrastructure Security Agency (CISA), Nick Andersen, said Tuesday he couldn’t share a timeline yet for the replacement of the Critical Infrastructure Partnership Advisory Council, which the Homeland Security Department disbanded to private sector dismay last year.
But he said the replacement, details of which CyberScoop was first to report, was trying to solve a number of problems with the original council (CIPAC).
“Old CIPAC never made any explicit focus on cybersecurity, that just wasn’t part of what was chartered back in the day when it was originally launched,” Andersen, executive assistant director for cybersecurity, told reporters at an event hosted by the Information Technology Industry Council (ITI).
“Additionally, it didn’t give us the opportunities for having focus groups to have conversations [about] like undersea cables, might be a good example. OT systems might be a good example,” he said. “OT had to nest itself under the IT Sector Coordinating Council in the past. There’s real opportunities for us to improve, opportunities for elements of the community that didn’t necessarily have opportunities to engage in a substantive way in the past, to give them a voice in the process.”
Further considerations, sources have told CyberScoop, include things like liability protections and how transparent the panel’s proceedings should be.
It was one of a number of topics discussed at the ITI event on the intersection of government, industry and cybersecurity.
Andersen told reporters he couldn’t provide a timeline for development of an artificial intelligence information sharing center (AI-ISAC), first proposed by the Trump administration as part of its AI Action Plan.
But he spoke at the event about pitfalls he hoped an AI-ISAC would avoid. Key, he said, would be to avoid having a government-established entity that ran parallel to, rather than in coordination with, industry efforts.
The administration wants to “take the opportunity to get that relationship right,” Andersen said.