Skip to main content

Cybersecurity Advisory Council

The State of Vermont, led by the Agency of Digital Services, in collaboration with Vermont Businesses responsible for delivering critical services to Vermonters has formed the Cybersecurity Advisory Council per Act 71. Information about the mission of the council is below in the enabling legislation section. This site will provide updates on the work of the council, meeting schedules, agendas, meeting recordings/minutes, and public reports.
The council is comprised of the following members:

Members

Denise Reilly-Hughes, State of Vermont, Agency of Digital Services - Chief Information Officer and Council Chair

David Kaiser, State of Vermont, Agency of Digital Services - Acting Chief Information Security Officer

Erica Ferland, Burlington Electric Department - Director of Information Technology

Joe Duncan, Champlain Water District - General Manager

Nate Couture, UVM Health Network - Associate Vice President Network Security

Eric Hillmuth, Vermont Gas - IT Director

Eric Forand, State of Vermont, Department of Public Safety - Director Vermont Emergency Management

Shawn Loan, State of Vermont, Department of Public Safety - Homeland Security Advisor Designee

Gregory C. Knight, State of Vermont, Vermont National Guard - Vermont Adjutant General

James Layman, State of Vermont, Attorney General - Assistant Attorney General

Sue Fritz, Vermont Information Technology Leaders - IT Director

Michelle Anderson, State of Vermont, Agency of Digital Services - Legal Counsel

Shawn Nailor, State of Vermont, Agency of Digital Services - Director

Enabling Legislation

The Cybersecurity Advisory Council was created as a result of Act 71 of the 2023 Legislative Session, Act 71 is the result of House Bill 291. Read the full language of Act 71, or a summary is included below.

Act No. 71 (H. 291). An act relating to the creation of the Cybersecurity Advisory Council  

Subjects: Executive; information technology; Agency of Digital Services; cybersecurity; critical infrastructure  

This act creates the Cybersecurity Advisory Council to advise on the State’s cybersecurity infrastructure, best practices, communications protocols, standards, training, and safeguards.  

Sec. 1 of this act establishes the Council and relevant definitions in 20 V.S.A. chapter 208. The Council is composed of 11 members and the Chief Information Officer serves as Chair. Among other responsibilities, the Council is required to develop a strategic plan for protecting the State’s public sector and private sector information and systems from cybersecurity attacks, evaluate statewide cybersecurity readiness, and conduct an inventory and review of cybersecurity standards and protocols for critical sector infrastructures. The Council is authorized to enter into executive session for certain reasons that are in addition to the considerations listed in 1 V.S.A. § 313 and also has a public records act exemption regarding cybersecurity standards, protocols, and incident responses, if the disclosure would jeopardize public safety.  

Sec. 2 of this act amends the definition of “critical infrastructure” in 11 V.S.A. § 1701.  

Sec. 3 of this act requires the Council to include in its annual report due on January 15, 2024 any recommendations on whether to amend the definition of “essential supply chain”.  

Sec. 4 of this act sunsets the Council on June 30, 2028. 

Meetings

Meeting notices

Special Meeting - First Meeting - January 24, 2024 - Complete

Regular Meetings will be every other month on the third Wednesday

March 20, 2024; May 15, 2024; July 17, 2024; September 18, 2024; November 20, 2024

Agendas 

January 24, 2024 - Complete

Minutes/recordings

First Meeting Recording - Cybersecurity Advisory Council Meeting 1/24/24 (youtube.com)

First Meeting Recap - January 24 2024 Meeting Agenda and Minutes

Teams Etiquette for Members of the Public in Attendance

Members of the public are welcome to attend all or portions of each meeting.

Please enter the meeting on mute with your video turned off. Members of the public are asked to only unmute/enable video if they are submitting public comment or otherwise presenting.

Public comment will be taken at the end of each meeting. Members of the public will not be able to unmute/enable camera until this portion of the meeting.

Please speak in a concise and clear manner so that everyone can hear what you are saying.

  • For those calling in by phone:
    • Press *6 on your phone to unmute and mute your phone.
    • Please state your name for the record when commenting.
    • During the public comment period, the coordinator will call on those who asked to comment by the last four digits of the phone number and name.
  • For those who are signed into TEAMS:
    • Use the raise hand option when it is time for comments.
    • If you are having technical issues, please do not interrupt the meeting. The most common are volume issues or the audio breaking up. Please check your own volume and adjust or wait a couple minutes to see if things improve. Leaving and re-entering the meeting may also help.
    • Unless you are speaking, please keep video off to enhance the audio quality for all.
    • Closed Captioning: Automatic captioning is available for those who need it when using Teams. To enable:
      • Join the Teams meeting as you usually would.
      • Once in the meeting, click the button with the three dots at the top of your screen (in the bar with the mute and camera buttons).
      • Click "turn on live captions."
      • Captions should automatically appear. Please Note: These are automatically generated captions, and may contain inaccuracies.

Reports

Cybersecurity Advisory Council Report to the Legislature January 2024