A public-private cyber defense center that was stood up in August is already strengthening its bonds and will expand its initial focus, on ransomware and incident response for cloud providers, to include some critical infrastructures, the director of the Cybersecurity and Infrastructure Security Agency (CISA) said on Tuesday.
The Joint Cyber Defense Collaborative (JCDC), which is hosted by CISA, also brings together key government partners that include the Defense Department, U.S. Cyber Command, FBI, National Security Agency, the Office of the Director of National Intelligence, and the private sector to assess and analyze data and information about cyber threats and create insights and directives for industry to take actions.
Since the standup of the JCDC, “I’ve seen the connective tissue strengthen among all of us and as well with the private sector,” Jen Easterly, the CISA director, said during a panel on public and private sector partnerships hosted by Auburn University’s McCrary Institute.
The initial focus of the JCDC has been on combatting ransomware and developing a response framework for incidents affecting cloud service providers. Easterly said a joint cybersecurity advisory issued on Monday by CISA, the FBI on BlackMatter ransomware, which has targeted U.S. critical infrastructure, including two entities within the food and agricultural sector, is “reflective” of the work of the JCDC and included contributions from the private sector.
The JCDC is also starting some “sprints” with critical infrastructures, including a natural gas pipeline initiative launched by the White House in August, she said.
Easterly said, “this is all about the future of partnerships, which in my view is operational collaboration.”
Bill Fehrman, president and CEO of Berkshire Hathaway Energy, which manages a portfolio of energy companies, said that he is a strong “promoter” of the JCDC, noting that in his 40 years in the industry, it’s the first time government agencies are bringing down their “silos” to “do something that is meaningful for private industry.”
Fehrman, who also was on the panel, said the JCDC is a mechanism for government and industry to work side-by-side to “bring information together and quickly analyze it, assess it and send directives and insights back out to private industry so that we can actually do something about it and take aggressive actions to better protect the infrastructure that we all manage.”
Over the past few years, private and public sector collaborative efforts on cybersecurity “slipped back,” Fehrman said, but now “if we can actually move this and pull this off, and keep driving in the right direction, I think there’s going to be tremendous value in what this is going to do for the country.” He added that the private sector has to do its part as well.
In addition to the broad information sharing between government and industry analysts, the JCDC is also working to get “left of boom,” Easterly said, referring to preventing a potential threat from going off or doing any damage. The routine working together among and between the various government and industry partners enables planning so that “we understand how we operate in this space,” she said.
Rob Joyce, director of the NSA’s Cybersecurity Directorate, said that his agency has learned through its foreign intelligence mission that collecting the information it does and “connecting that information into operational outcomes is vital. It’s very nice to know things but it is completely useless if we don’t do things.”
The NSA has turned classified information into “big outcomes” in the national security space by making the information operational in an unclassified way even if it is still sensitive, Joyce said. Industry routinely works with sensitive, proprietary information in their daily operations, he noted.
“And what I’ve seen in NSA in the last several months is we’ve been able to take that sensitive information, get it down to that unclassified level where it’s operational, and work with companies in the defense industrial base as well as the cloud providers and the TCOM (telecommunications) providers who really are the base of that defense industrial base,” he said. “But that interaction of an analyst who is looking at the foreign threat and an analyst who is on a domestic network watching the packets go by is a special thing when they come together and are able to operationalize it.”