8/5/2021
08:55 PM

CISA Launches JCDC, the Joint Cyber Defense Collaborative

"We can't do this alone," the new CISA director told attendees in a keynote at Black Hat USA today.

BLACK HAT USA 2021 – Las Vegas – Jen Easterly, the newly appointed director of the Cybersecurity and Infrastructure Security Agency (CISA), officially invited the security industry to team up with the federal government to proactively address and defend against the growing wave of cyberattacks on US organizations and government agencies that have intensified over the past year.

"Partner with us to raise the cybersecurity baseline of our data, of our networks, of our services, of our networks, and help us make the Internet a safer place," Easterly said in a prerecorded virtual keynote here today at Black Hat USA that was streamed on large video screens in the main ballroom of the Mandalay Bay Convention Center. 

Just before Easterly's keynote, CISA officially announced the formation of the Joint Cyber Defense Collaborative (JCDC), a CISA initiative that will bring government and private industry together on coordinated US cyber-defense operation plans for protecting against and responding to cyberattacks and threats.

The aim of the JCDC is to establish a "shared situational awareness of the threat environment" for a jointly created national cyber-defense plan, Easterly said, and to map it to actual operation blueprints that can be employed to reduce cyber threats and risk to organizations in the US, "so we develop real plans to defend the nation in cyber."

Ransomware and cloud security are the JCDC's initial priorities, she said, specifically "combating ransomware and planning a framework to respond to cyber incidents affecting cloud service providers."

In addition to CISA, key federal government participants in the JCDC include the Defense Department, US Cyber Command, the National Security Agency, FBI, and the Office of the Director of National Intelligence. Industry sector-specific agencies, such as the Department of Energy, Department of Transportation, Environmental Protection Agency, and the Food and Drug Administration, are expected to join the JCDC as it rolls out, Easterly said.

The first private-sector members are Amazon Web Services, AT&T, CrowdStrike, FireEye Mandiant, Google Cloud, Lumen, Microsoft, Palo Alto Networks, and Verizon.

"Microsoft has long maintained that security is a team sport, and with greater alignment and cooperation between government and industry, we can protect against emerging cyber threats," said Tom Burt, Microsoft's corporate vice president of customer security and trust, in a statement provided to Dark Reading. "We applaud CISA's efforts to enhance collaboration for government and industry, and we look forward to participating in the Joint Cyber Defense Collaboration efforts to improve cyber defense."

Cameron Camp, a security researcher at ESET, said the key is for federal agencies to be able to "talk to each other" to collaborate. Even with the group effort of government and industry, Camp believes combating ransomware attacks will be an ambitious goal. "It's going to be really hard because you can't [just] stop ransomware quickly," he said.

According to CISA, the JCDC will blend the various cyber capabilities of its members to better coordinate defense plans for federal, state, and local government agencies and the private sector and to run joint cyber defense exercises.

Easterly ticked off three examples of recent collaborative efforts between CISA and private-sector security researchers. Victor Gevers, chairman of the Dutch Institute for Vulnerability Disclosure, provided details on the chain of vulnerabilities exploited against IT management software provider Kaseya earlier this year – information that CISA employed to help "manage national response" to the supply chain attack, she said.

Then there was Sean Metcalf of Trimarc, she said, who "helped us understand the complications around identity management around the SolarWinds attack." And Will Dormann, of Carnegie Mellon's CERT Coordination Center, provided analysis of the recently exploited PrintNightmare vulnerability to help tighten up the federal government's network security, she said. 

In a lighter moment during her keynote, Easterly put up a slide depicting a logo that paid homage to the legendary rock band AC/DC with the lightning-bolt style logo JC/DC, along with a recorded electric guitar riff akin to the band's music. 


The Three P's
Easterly's appeal to Black Hat attendees to forge a strong partnership between the public and private sectors in cybersecurity is not the first time federal officials have solicited such a relationship. But this time, it's in the form of a collaborative venture emphasizing proactive planning and specific response plans for cyber threats to the US government and private-sector businesses.

"We can provide context to what you're seeing," she said. 

The combination of insight and data from intel agencies and law enforcement, as well as anonymized intel gleaned from incident response cases that CISA has worked, can help warn other potential attack victims, said Easterly, whose career spans 20 years in the US Army, as well as high-level intelligence positions at the NSA and in the White House. She also helped design the US Cyber Command. Most recently, she served as the head of Firm Resilience and the Fusion Resilience Center at Morgan Stanley.

"With public-private partnership and information-sharing, my goal is to really breathe new life into these arguably hackneyed [terms]," she said, with collaboration and timely, actionable information-sharing that helps organizations know how to better secure their networks.

"I fundamentally believe this approach will make us strong and help us secure the very complicated supply chain that underpins almost everything we do," Easterly said.

DHS Secretary Alejandro Mayorkas, in his locknote address at Black Hat USA today, which also was prerecorded and streamed, echoed Easterly's call for partnering with the DHS.

"I have said before that the DHS is fundamentally a department of partnerships," he said. The JCDC is "one of many efforts underway to leverage our partners" to keep the US safe, he said.

Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ...
