New Leader of IT Sector Coordinating Council Wants Alignment on Key CISA Initiative


The new chairman of the Information Technology Sector Coordinating Council aims to be more involved in the agency’s work to protect industrial control systems.

Over the next few weeks, the Information Technology Sector Coordinating Council will deliberate priorities a new chairman says should include pursuing an alignment of recommendations from core stakeholders for securing industrial control systems.    

Jamie Brown, senior director of global government affairs for the cybersecurity company Tenable, took over as head of the IT SCC—one of 16 for sectors considered “critical”—in March and is eyeing greater participation in an area the Cybersecurity and Infrastructure Security Agency has identified as an operational priority: industrial control systems. 

CISA established an ICS Joint Working Group to facilitate information sharing that would help members combat cyber threats. Industrial control systems such as those found in the operations of natural gas facilities, water quality systems and other utilities are seen as attractive targets of sophisticated nation-state actors and are harder to secure due to their reliance on older technology.

"It's outside of the ITSCC, however, I think there are opportunities for alignment,” Brown told Nextgov

He said, because many of the subject matter experts for ICS come from the IT industry, “my hope, as the incoming chair, is that we can drive great alignment with a group like that, so that there is consistency in recommendations with the control systems working group.”

Among the likely priorities for the IT SCC, which issues recommendations it hopes both government and industry will follow, Brown expects there will be work to generally drive alignment with other sectors and the government, in addition to remote workforce security—in the aftermath of the coronavirus pandemic.

The sector coordinating council will also continue its work within CISA’s Information and Communication Technology Supply Chain Risk Management Task Force, and its own working groups on cloud security, botnet mitigation, and guidance for small- and medium-sized businesses.