Inside Cybersecurity

December 7, 2021

Daily News

CISA’s new ‘collaborative’ group draws praise from Solarium Commission members

By Sara Friedman / August 6, 2021

The Joint Cyber Defense Collaborative has the potential to significantly shift how CISA works with industry to deter and respond to cyber attacks, according to Cyberspace Solarium Commission leaders, who said the new government-industry group could drive implementation of recommendations from the commission’s landmark report issued last year.

Cybersecurity and Infrastructure Security Director Jen Easterly announced the launch of the JCDC at the Black Hat conference on Thursday. The new initiative brings together agencies and industry to develop “cyber defense operations plans” through partnerships that aim to “drive down risk before an incident and to unify defensive actions should an incident occur.”

“Jen Easterly has only been at CISA for a month, and she’s already making a significant impact. The Joint Cyber Defense Collaborative is exactly the kind of aggressive, forward-leaning thinking we need to combat the ever-growing cyber threats that face our nation,” said Solarium member Rep. Jim Langevin (D-RI). “By bringing together planning, threat analysis, and defensive operations activities, the JCDC will continue CISA’s rapid maturation.”

Langevin added: “I am also impressed by the list of private sector partners Director Easterly has already signed on to the initiative. Protecting critical infrastructure like hospitals and pipelines requires close collaboration with the companies that own and operate it. JCDC will evolve relationships built on information sharing into true partnerships where government and private sector cyber professionals are working side-by-side to secure our systems and thwart our adversaries.”

Langevin said CISA’s decision to form the group reflects the commission’s recommendation about integrating intelligence with cybersecurity operations.

“Director Easterly has taken the work of the Cyberspace Solarium Commission and evolved it to meet the changing federal landscape,” Langevin said. “The JCDC brings together our recommendations about planning, intelligence fusion, and cybersecurity operations in a visionary way. There is no one better than Director Easterly to carry out the mission entrusted to CISA by Congress. I look forward to continuing to work with her and her team to support the efforts of the JCDC and protect our nation in this new domain.”

Langevin is chairman of the House Armed Services cyber subcommittee.

Solarium Commission senior advisor Mark Montgomery threw his support behind the JCDC, adding the details for its operations will have to worked out by CISA and Congress.

“There is still a lot of work for CISA to do in organizing and implementing this initiative and for Congress in both authorizations and appropriations to support the initiative,” Montgomery said.

“The JCDC could be used to wrap together the planning, defensive operations, and information fusing functions under one roof and has the potential to significantly benefit the United States’ overall cybersecurity and resilience,” he added. “From the commission’s perspective, this brings together three critical recommendations: the Joint Cyber Planning Office, the Integrated Cybersecurity Center, and the Joint Collaborative Environment that can realize a vision for joint cyber planning, integrated operations, and public-private cyber threat analysis.”

In addition to his role at the commission, Montgomery is a senior director at the Foundation for Defense of Democracies.

CISA’s initial JCDC industry partners include Amazon Web Services, AT&T, Crowdstrike, FireEye Mandiant, Google Cloud, Lumen, Microsoft, Palo Alto Networks, and Verizon.

“Government partners include the Department of Defense, U.S. Cyber Command, the National Security Agency, the Department of Justice, the Federal Bureau of Investigation and the Office of the Director of National Intelligence, with Sector Risk Management Agencies joining the effort as we move forward,” CISA said.

BSA-The Software Alliance’s Henry Young called the JCDC “a much needed step in the right direction” during “a year of several high profile ransomware attacks that have affected millions of people.”

“We need to continuously improve cybersecurity risk management, and the key to being successful is for government and the private sector to work together,” said Young, BSA’s director of policy. “BSA welcomes the announcement of the JCDC, which underscores the importance of public-private collaboration and moving from a reactive to a proactive posture.”

JCDC industry partners also commented of CISA’s announcement, saying the move will strengthen government-industry partnerships to counter cyber attacks.

Google Cloud CISO Phil Venables said, “In order to bolster our nation’s cyber defenses, it's essential that the public and private sectors work together to defend against evolving threats and shore up modern IT capabilities that will protect our federal, state and local governments. We look forward to working with CISA under the Joint Cyber Defense Collaborative and offering our security resources to build a stronger and more resilient cyber defense posture.”

CrowdStrike Services President Shawn Henry said, “CrowdStrike is proud to be an alliance partner, and we’re excited to bring our unique expertise to the table on day one. The JCDC will create an inclusive, collaborative environment to develop proactive cyber defense strategies, as well as the ability to implement coordinated operations to prevent and respond to cyberattacks. Continued collaboration between industry and government is critical to thwart today’s sophisticated attacks, and CISA’s initiative to bring the most relevant stakeholders together to defend national security is admirable. CrowdStrike is looking forward to partnering on this critical endeavor.”

The Cyberspace Solarium Commission issued its congressionally mandated report in March 2020. -- Sara Friedman (sfriedman@iwpnews.com)