Tracey Harrington Delphia

The meeting focused on updating the status of Meeting 12 items, which had no revisions, and the review and approval of the Annual Report. Sector-specific updates were provided, covering Electric Utilities (planning a meeting in February), Healthcare (working group member identification), Essential Supply Chain (first working group meeting held), and Water and Wastewater (ongoing discussions on operator support). The Coordinator reported activities mainly concerning the State and Local Cybersecurity Grant Program (SLCGP). Feedback included a suggestion from CISA regarding funding for basic cybersecurity appliances for a community in need, leading to a follow-up meeting. Discussion occurred regarding moving the July meeting to August 4th to coincide with the Annual Vermont Digital Summit, though no decision was reached. A motion was approved unanimously to officially adjourn the meeting.

This strategic plan, developed by the Cybersecurity Advisory Council, aims to advance the cybersecurity readiness of Critical Infrastructure operators in Vermont. It proposes a tiered approach to support organizations based on their maturity levels, encompassing training, risk management, and information sharing. The plan outlines five core strategies: Outreach and Awareness, Building Strong Partnerships, Multiple Tiers of Support, establishing a Universal Incident Response Plan Template, and fostering a Community of Vermont Organizations for Cyber Information Sharing. Key goals include enhancing cybersecurity awareness and preparedness, building collaborative relationships, and ensuring continuous improvement for critical infrastructure and municipalities.

The meeting was convened as a special session to allow evaluators of the procurement process to provide information and answer questions. Representative Kathleen James was welcomed to the board. The board then moved into an executive session to discuss a contract matter, after which they returned to the regular meeting with no action taken. The meeting was adjourned.

The meeting of the Cyber Security Advisory Council focused on sector-specific plans, including a review of edits, updates, and comments related to the recap and results of meeting nine. The discussion covered the fundamentals of resiliency, response, and recovery in cybersecurity, emphasizing the diverse maturity levels of organizations within various sectors. A key topic was the development of a roadmap to help organizations assess their current cybersecurity posture and identify actionable next steps. The council also considered the use of existing control frameworks and the importance of localizing efforts with Vermont-specific information.

The meeting was called to order and the board entered an executive session to discuss a contract matter before adjourning.