Jane Holl Lute, who shepherded President Obama’s executive order on cybersecurity before stepping down from the DHS earlier in the year, will serve as the president and CEO of the organization, according to the Hill.
"The council's main focus is to accelerate the widespread availability and adoption of effective measures in cybersecurity and practice in technology, with respect to workforce and policy to achieve and sustain security in cyberspace," Lute said during a speech at a SANS Institute event this week.
To further that end, the council will work with the SANS Institute to develop its 20 critical security controls (CSCs), a comprehensive set of best practices and processes. Operational silos within the IT security organization and between IT and other business departments are still the greatest impediment to implementing repeatable processes based on the controls, SANS recently found in a survey. And only 10% of respondents said they felt they've done a complete job of implementing all of the controls that apply to their organizations.
"We're going to assume the responsibility of leading ongoing efforts to continue to develop and evolve the controls," Lute said.
The council will be based in Washington, DC, and is a follow-on organization to the National Board of Information Security Examiners, whose mission is to improve the performance of the cybersecurity workforce and validate hands-on skills and knowledge. NBISE chairman Franklin Reeder, a 25-year veteran of the Office of Management and Budget (OMB), will also chair the council.
The council's advisory board features some heavy hitters, including Google's Chief Internet Evangelist Vint Cerf, Kaspersky Lab CEO Eugene Kaspersky and Booz Allen Hamilton vice chairman Mike McConnell, the Hill reported. Former National Security Agency official Tony Sager will serve as the director of programs for the council, and Karen Evans, who previously oversaw the IT budget for the federal government at OMB, will also serve on the board.
"I believe in an open Internet – open, reliable, accessible. I think one of the greatest threats to the openness of the Internet is the lack of security," Lute said. "I think you will see actors, including governments, step into that space in order to provide security, so I think they travel together."