The IT SCC has four working groups. Below are the descriptions for the updated groups, along with examples of some potential work products that each group could undertake. Please e-mail the working group directly if you are interested in joining.
International Working Group:
This group identifies areas for collective work between the IT (and Communications) Sectors and the U.S. Government (USG) on international cybersecurity and critical information infrastructure protection (CIIP) and assembles key subject matter experts to engage in pertinent activities. The goals include to sharing information on activities and policy developments, identifying opportunities for engagement with countries or organizations, and developing substantive contributions to issues of mutual interest.
Potential work products to be derived from discussion at the Quad meeting, as well as from needs identified by working group participants.
Contact the International Working Group
Situational Awareness Working Group: This group works with the IT-ISAC to break down barriers to timely, actionable situational awareness. It includes information sharing work, such as identifying various information sharing programs sponsored by the federal government and to propose ways to streamline or consolidate these efforts with the goal of enhancing situational awareness among IT SCC members and federal partners. It will also identify other processes, in addition to information sharing, that can enhance situational awareness.
Potential work products: Briefing on TAXI and STIX, Implementing the 2012 IT-ISAC proposal with US D/As with information sharing equities, Proposing a revised outline and key priorities to finalize the National Cyber Incident Response Plan, Assessing information sharing within IT Sector for value, and provide threat briefings for membership.
Contact the Situational Awareness Working Group
Risk Management Working Group:
This group assesses emerging cyber, physical, and human risks to critical IT Sector functions (e.g. producing IT products and services, Domain Name Services, Identity Management, and Associated Trust Services) to enable a common understanding between industry and government of consequences, vulnerabilities, and threats. Among other risk management concerns, it includes understanding supply chain risks based on real-world experience to ensure that effective and efficient approaches to manage these risks are reflected in policy and guidance documents.
Potential working products: Leading the IT SCC effort for the Critical Infrastructure at Greatest Risk with DHS, Assessing risks to DNS and Internet routing, root authorities, and enterprise cloud, Drafting a policy proposal for government to acquire authentic technology from authorized suppliers. Additional work products may be derived from Risk Panel discussion at Quad Meeting.
Contact the Risk Management Working Group
Cybersecurity Approaches Working Group:
This group engages in policy efforts to advance cybersecurity of critical infrastructure. It serves to further the IT SCC’s priority to monitor Framework efforts and foster supply-side and demand-side incentives to advance cybersecurity, as put forth in the 2014 priorities. It aims to help understand how the cybersecurity is being considered across the SCC membership, including by conducting qualitative surveys of the IT SCC member organizations’ to understand and encourage participation and engagement on the Cybersecurity Framework and other efforts to promote cyber risk management, and in particular help foster development incentives are relevant and important to the membership.
Potential work products: Conducting twice annual qualitative survey of the IT SCC members’ organizations and entities participation or engagement on the Framework, Surveying the membership to determine which of the potential incentives are most relevant and most important to the membership, and prioritize/rank those for focused investment.
Contact the Cybersecurity Approaches Working Group