Get AI Briefings, Transcripts & Alerts on Local & National Government Meetings — Forever.
Cybersecurity advisory council urges broader sector representation as legislators weigh joining
Summary
The House Energy and Digital Infrastructure Committee received the Cybersecurity Advisory Council—s annual report on April 28. Council staff recommended expanding membership to include local critical-infrastructure operators and telecoms; legislators discussed H.560, a bill that would add legislative and judiciary appointees to the council.
The House Energy and Digital Infrastructure Committee on April 28 heard a briefing on the Cybersecurity Advisory Council—s annual report and strategic plan, which recommends expanding council membership to better represent under‑resourced local critical‑infrastructure operators and telecommunications providers.
"In essence, the council should act as the connective tissue, connecting with federal partners," said Sean Naylor, special programs director at CNC Digital Services, who presented the report and outlined the council—s outreach, sector working groups and planned tools for smaller operators.
The report, posted in January, documents outreach over the past year to the National Guard, the governor—s council on emergency preparedness, colleges and international delegations. Naylor said the council surveyed operators to gauge cybersecurity maturity and found three broad tiers: organizations with mature programs, a middle tier working toward better hygiene, and a group with little current activity. He reported "119 partial responses" and said there were roughly "72–77 complete responses," noting uncertainty about the exact complete‑response count.
To move beyond blanket guidance, the council has formed four sector working groups (energy, health care, water/wastewater and essential supply chain) and proposed tailoring tools for each sector. Naylor and other council participants told lawmakers that telecoms and many municipal operators remain underrepresented on the council and argued that adding such operators would help craft practical, prioritized improvements for smaller utilities and municipalities.
Representative Kathleen James raised a pending bill, H.560, "that would add ... the chair of the House Energy Committee, the chair of Senate Finance, and an appointee of the judiciary to the cybersecurity advisory council," and asked for the council—s view. Naylor said legislative membership would improve awareness and oversight but urged that statutory expansion prioritize operators with hands‑on experience running critical infrastructure.
The council—s strategic plan calls for five strategies including outreach, partnerships, risk management support and a universal incident‑response plan template to help local entities identify contacts (forensics, Vermont Emergency Management) and protocols during an incident. Naylor said the council currently operates openly under Vermont—s open‑meeting law and has used executive session only once to protect respondent confidentiality in the survey.
Committee members and council staff emphasized the practical goal of raising baseline readiness: identifying a small number of prioritized tools and projects that municipalities and small utilities can adopt without extensive in‑house expertise. The committee heard requests for more frequent live briefings; no formal action or vote was taken at the April 28 meeting.
