Inside Cybersecurity

March 29, 2023

Daily News

Tenable’s Brown discusses priorities as chair of IT Sector Coordinating Council, potential role in EO implementation

By Charlie Mitchell / May 14, 2021

Tenable’s Jamie Brown, recently re-elected as chair of the Information Technology Sector Coordinating Council, says the group’s focus on cloud and software security, as well as on helping small businesses and state and local governments, creates opportunities for collaboration with federal officials on implementation of the new Biden cybersecurity executive order.

“We’re getting positive signals from the federal government on its willingness to engage in public-private partnerships,” Brown said. “That has been getting better and better in recent years, and there are a number of areas where the private sector can work with the federal government on the EO.”

Brown discussed the IT-SCC’s priorities and opportunities for engagement with federal partners in implementing President Biden’s new cybersecurity executive order in a Thursday interview with Inside Cybersecurity. The Biden administration on Wednesday evening issued the cyber executive order including elements on securing federal networks and incentivizing the commercial software market to improve its security practices.

Jamie Brown

Jamie Brown, Senior Director, Global Government Affairs, Tenable

Brown is senior director of global affairs at Tenable and enters a second term as chair of the IT-SCC, which he described as the “principal IT entity working with the DHS and the federal government on cybersecurity.”

Pieces of the EO on cloud security, software assurance and ransomware track with ongoing IT-SCC initiatives, Brown said, and present “great opportunities” for collaboration. For instance, he said the IT-SCC has a cloud working group that is focused on deploying zero-trust architecture, which could align with work under the executive order.

He also noted that the EO will set new requirements on development and lifecycle security for software vendors selling to the federal government. The IT-SCC is part of a software assurance task force with the Communications Sector Coordinating Council and DHS that is up for renewal this summer, Brown said, presenting “a great opportunity for industry to provide input” on software aspects of the executive order.

And, Brown said, the IT-SCC is in good position to “provide solid input” on the government’s ransomware efforts.

He said the group held off on creating new working groups until the release of the executive order and the installation of new leadership at the Cybersecurity and Infrastructure Security Agency, but cited several ongoing priorities.

A working group on botnets has evolved into a “cyber threats working group,” Brown said, in order to encompass ransomware challenges underscored by the Colonial Pipeline and various attacks on the health sector, for example.

A small and mid-sized business working group has updated its focus to ensuring guidance and tools from the National Institute of Standards and Technology are useful to SMBs, according to Brown.

The IT-SCC is also working with state, local, territorial and tribal partners and will soon produce a set of recommendations for that sector, Brown said.

In closing, Brown said the “key point” the IT-SCC is emphasizing is a “commitment to public-private partnership. Both sides recognize they can’t do it alone.”

That commitment has grown on both sides, he said, driven by growing trust between the partners. “It’s definitely trust,” Brown said of the key to the evolving relationship. “Cybersecurity is not a partisan issue, it’s government and industry working together over years to build trust.” -- Charlie Mitchell (