U.S. Virgin Islands Cybersecurity Advisory Council

Objectives and Scope of Activities

1. The United States Virgin Islands Cybersecurity Advisory Council shall develop incorporating guidance from the Director of the Bureau of Information Technology, Rupert Ross, Chief Information Officer (CIO), recommendations on matters related to the development, refinement, and implementation of policies, programs, planning, and training pertaining to the cybersecurity mission of the United States Virgin Islands.

2. The Council shall provide consultative direction on projects, initiatives, and programs, ensuring territory cybersecurity needs are met. The Council will confirm that these programs align with the unique needs and risk profiles of critical sectors throughout the territory.

3. The Council shall develop, maintain, and execute an implementation plan for accomplishing strategic cybersecurity objectives that are specific, measurable, achievable, and relevant to the overall strategic vision, which shall be completed within an established timeframe.

4. The Council shall establish and maintain a strategic framework document that defines high-level cybersecurity goals for the United States Virgin Islands. This framework document shall establish a strategic vision for United States Virgin Islands cybersecurity initiatives and detail how the territory will:
a. Establish an effective governing structure and strategic direction.
b. Formalize strategic cybersecurity partnerships across the public and private sectors.
c. Strengthen best practices to protect information technology infrastructure.
d. Build and maintain robust territory-wide cyber incident response capabilities.
e. Establish processes, technology, and facilities to improve cybersecurity territory-wide.
f. Leverage business and economic opportunities related to information, critical infrastructure, and network security.
g. Ensure a robust workforce and talent pipeline in fields involving cybersecurity.

5. The Council shall accelerate cyber initiatives and ensure United States Virgin Islands stakeholders have the resources and support that they need to reach the next level in cybersecurity.

Advisory Council Duties
1. The duties of the Cybersecurity Advisory Council are solely advisory in nature. The advisory council shall advise the Governor on advancements in the information technology in the area of cybersecurity and provide feedback on the effectiveness of the information systems within the Government of the Virgin Islands.

2. The Cybersecurity Advisory Council shall submit an annual report providing information on the activities, findings, and recommendations of the Council for the preceding year to the Governor of the Virgin Islands.

Membership Structure
1. The Council shall be composed of Members, who are appointed by the Governor.

2. Council Members are expected to leverage their expertise and experiences to the Council and review and advise on territory-wide cybersecurity projects.

3. All members are responsible for notifying and seeking approval from their employer to participate on the Council. Topics not on the agenda may be discussed at the end of the meeting at the discretion of the Chair, time permitting, or placed on the agenda for the next meeting.

4. All members should be prepared to actively participate in any discussions or decision- making.

5. All members shall continue to represent their designated organization or sector for the duration of their appointment.

6. All members (or their proxies if applicable) shall attend at least 75 percent of all scheduled meetings to remain in good standing. Members who fail to meet this expectation will be reported to the Chair, Advisory Council, and Office of the Governor and may be removed from the Council.

7. All members who wish to withdraw their membership may do so at any time by submitting a written request to the Chair.

8. All Advisory members must serve in at least one of the council’s subcommittees, if any.

Authorizing Legislation
1. The United States Virgin Island Code (Title 3. Chapter 1. Section 10f and 10j – Information Technology Task Force) established, within the Bureau of Information Technology of the Office of The Governor, the Information Technology Task Force.
2. The Governor has established the Cybersecurity Advisory Council as the governing authority for the implementation and execution of the Cybersecurity Plan for the United States Virgin Islands.
3. The United States Virgin Island Code (Title 3. Chapter 1. Section 10h – Data Security and Confidentiality) established the Office of the Governor, Bureau of Information Technology (BIT).
4. The Cybersecurity Advisory Council will advise, consult with, report to, and make independent, strategic, and actionable recommendations to the Governor.

Reference Materials
Cybersecurity Council Charter – PDF (This will link the Approved Charter when available)