Dismantling security councils exposes cyber vulnerabilities

Today

The recent federal directive to dismantle the Department of Homeland Security's advisory committees has dissolved key public-private security partnerships, which could pose challenges for national cyber threat preparedness.

These advisory committees, including the Cyber Safety Review Board (CSRB) and the Critical Infrastructure Partnership Advisory Council (CIPAC), have been pivotal in providing the federal government with cybersecurity expertise and knowledge that it lacks internally. This decision has sparked concern among experts in the field who highlight the gap that will be left without these essential collaborations.

Matthew DeChant, Chief Executive Officer of Security Counsel, a cybersecurity management consulting firm, expressed concerns about the implications of this decision. "Public-private partnerships have helped keep the federal government up to speed on national security issues, in ways it otherwise couldn't afford, and with skills that government employees don't have," he said. DeChant, who has spent over 25 years in enterprise security leadership roles, elaborated on how pivotal these committees have been for national security.

Regarding the potential consequences of the dismantling of these councils, DeChant added, "When (not if) experts are needed to address an attack—especially for a zero-day scenario—the dismantling of councils slows down response time as experts will no longer be readily available." These councils provide rapid access to expertise essential for dealing with unforeseen cyber threats.

According to DeChant, critical infrastructure, which is predominantly privately owned, relies heavily on these advisory boards. Because critical infrastructure is almost entirely owned by private companies, public-private committees are needed to help protect the nation's infrastructure interests. "

He specifically pointed out the importance of the Critical Infrastructure Partnership Advisory Council (CIPAC), saying, "One essential council impacted is the Critical Infrastructure Partnership Advisory Council (CIPAC), where the 16 Critical Infrastructure industries come together with the government to solve 'all hazards' problems."

One more tangible consequence of these changes is the impact on the ongoing CSRB investigation into the formidable Salt Typhoon cyber attacks. These attacks, which originated from China, affected nine American telecommunications providers and compromised the data of hundreds of thousands of citizens, including members of the current presidential administration. "CSRB's disbandment impacts its ongoing investigation of the China-originated Salt Typhoon attacks on nine American telecom providers," DeChant explained, underscoring the risk posed by removing key investigative personnel.

In summary, the federal directive to disband these key advisory committees raises concerns about national security and critical infrastructure protection. The move creates a period of vulnerability for various sectors, including communications, information technology, and energy, potentially benefiting malicious actors who may seek to exploit this disruption in national cyber defences.

Share on: