A government cybersecurity advisory board wants to hear from the White House at its next meeting.
The National Institute of Standards and Technology’s Information Security and Privacy Advisory Board agreed at the close of three days of meetings Friday to ask the Trump administration to send a cyber representative to its next meeting and to meet in a closed session with that representative if that’s what it takes to make the meeting happen.
White House Cybersecurity Coordinator Rob Joyce was scheduled to appear during the second day of this round of ISPAB meetings but abruptly canceled. It would have been Joyce’s first public appearance in his new position, which he only began this month.
» Get the best federal technology news and ideas delivered right to your inbox. Sign up here.
The request comes as the Trump administration is working on a long-delayed executive order aimed at shoring up federal networks that were breached multiple times during the Obama administration.
Joyce previously led the National Security Agency’s network defense section.
Obama White House Cybersecurity Coordinator Michael Daniel appeared several times before the NIST advisory board.
The board also plans to send a letter to the White House and other relevant agencies urging increased attention to the digital security of state and local election systems, Chairman Chris Boyer told reporters.
The election security concerns will be part of a broad review of the most pertinent findings from the three days of meetings, Boyer said. The board sends such readouts after each of its meetings.
The letter, which must be agreed to by all board members, won’t get into deep policy recommendations but may suggest the government evaluate targeting some state and local cybersecurity grant money to election systems, said Boyer, who’s assistant vice president for global public policy at AT&T.
The letter will be sent in the next several weeks, he said.
Likely topics for ISPAB’s next meeting include efforts to combat armies of corrupted computers, known as botnets, and ransomware attacks in which hackers seize victim computers and only unlock them for a price, Boyer said.
The board will also likely address network segmentation and authentication issues, he said. That’s the process of ensuring employees only access documents and systems that are necessary to do their jobs and that network administrators are verifying those employees are who they say they are.
Improved segmentation and authentication can help reduce the dangers of an insider releasing sensitive information either mistakenly or maliciously.
“The problem you have in any organization with hundreds of thousands of employees is there’s always one, right?” Boyer said. “So, if that’s the case, how do you build in better authentication mechanisms so … you have the ability to track those people and limit the damage.”