Here we go again...
Great, lets let those companies who have failed us time and time again, sometimes deliberately, to design a system to protect us all. Great!
"CISA plans to expand the group's activities over time and will enlist more private sector partners to help as and when needed."
Albeit always not needed. Would not it be superior to get the security community involved from the beginning instead of head slapping later?
What is their absolute aversion to getting help from the security community? I know folks who are every bit as good - and better than the corporate "experts." Until they significantly open this process up to enable "participation," this will just be more theatre with the same tired predictable result - FAIL.
After all, is that not the expectation?