CISA SED – Virtual Mini-Industry Day 

Written April 6th, 2022

Post Tags: cybersecurity, thoughtleadership

As a continuation of our recent industry day series, I attended CISA’s (Cybersecurity and Infrastructure Security Agency) SED (Stakeholder Engagement Division) Virtual Industry Day on behalf of NetCentrics.   

Photo Credit: Andrew Neel via Unsplash

This event allowed us to hear from representatives of CISA’s Stakeholder Engagement Division, and gave them the chance to provide potential industry partners with information on various requirements and upcoming opportunities, as well as providing an open avenue for folks to ask questions of CISA representatives. 

The session provided key insight into two specific opportunities, one involving the newly established CSRB (Cyber Safety Review Board), and the other regarding a state/local cybersecurity grant program, focused on educating the public.

CSRB (Cyber Safety Review Board)  

One member of CISA’s SED spoke about the anticipated establishment of the Cyber Safety Review Board (CSRB), which, per section 5 of the President’s Executive Order from last May, brings the implementation of an independent body responsible for investigating cyber incidents.  

The SED representative detailing this opportunity noted the need for a vendor who can assist in identifying strategic improvements within the candidate review processes. The talk also explored how recommendations are reviewed and implemented. They require contracted staff to support meetings and calls, both in-person and virtual. The staff will be expected to draft agendas and take notes, as well as analyze and produce summarized, meaningful information for board members’ consumption

FEMA Cyber Grant Program 

This specific opportunity with FEMA involves addressing cyber risks. FEMA is implementing cybersecurity plans to address imminent threats in communities across the U.S., and it will require coordination between different inter-governmental groups. The program will also involve a lot of outreach to agencies at the state and local territories level. There will be a heavy emphasis placed on open communication, not only internally/externally between CISA/FEMA, but also to CISA regional staff.  

Attendees were told to expect that this opportunity requires solid operations support. For example, a typical cybersecurity program involves program management, often in alignment with other DHS grants. There are also application coordination/processing, individual project reviews, and analytics and resource development. All work to detail program effectiveness and development of best practices. In addition to external engagement, strategic communications and collateral development will also be required.  

Key Takeaways 

CISA’s emphasis on improved clarity and transparency in communication reflects the ultimate truth – cybersecurity is a team sport. The only way to protect ourselves moving forward is to band together. Defending our country in cyberspace requires a fundamental shift in attitude towards cyber policy and willingness to collaborate across industries. I believe the first step towards making meaningful change is education of cyber risk because this affects everyone connected to the internet and mobile devices. The existence of FEMA’s grant program, in combination with the future work of the CSRB, brings us one step closer to educating, and therefore securing our nation.