How JCDC is building trust between public and private partners

When threats like Log4J and cyberwar emerge, JCDC partners know who to call (or Slack!)
Francis Scialabba

At RSA 2022 in June, Jen Easterly provided a kind of progress report for the almost-one-year-old alliance known as the Joint Cyber Defense Collaborative, or JCDC.

“It’s starting to build momentum. But most importantly, it’s starting to build trust,” said Easterly, director of CISA, during a panel at the time.

The faith amongst public and private partners still appears strong as the JCDC—an alliance including companies like Microsoft and Google Cloud, as well as eight government partners—counts some Ws from its first year. JCDC industry participants who spoke with IT Brew showed an appreciation for the group’s efforts to react to and solve complex, unexpected cybersecurity crises.

“If some major event was to occur, then you’ve got a group of people who already know each other, who already trust each other, who already have a safe place to collaborate, that can respond super quickly to a breaking cyber event,” said Don Smith, VP of threat research at the cybersec company Secureworks.

Successful collabs. In an August blog post, a year after the creation of the collective, Easterly highlighted the coordinated response efforts to major cybersecurity events, like the over-the-weekend revelation in late 2021 of a Log4J vulnerability. JCDC members ultimately provided 17 threat analyses that informed CISA’s alerts, and created a vulnerability guidance webpage that generated “more than 300,000 page views in its first three weeks.”

“It’s one thing when a vendor puts out a notice on new research; it’s another thing when somebody like the JCDC echoes that as an area of importance,” said Ryan Gillis, VP for cybersecurity strategy and global policy at Palo Alto Networks.

Easterly also cited successes with JCDC’s support in addressing the espionage tool Daxin and in creating a “Shields Up” campaign that provides cybersecurity guidance in the wake of Russia’s invasion of Ukraine.

In September 2021, CISA released an alert that advanced persistent threat (APT) actors were targeting defense contractors, via vulnerabilities in a self-service password management tool. Palo Alto worked with the government, through the JCDC, and also published their own report on the threat.

“We were able to share the operational information that we knew of, [which] allows the government to reach out to both [the] private sector and…its own internal defenses to see if they are seeing any indicators of these attacks, to harden their defenses before the report goes public,” said Gillis.

What’s next? Easterly’s post hinted at future collaboration efforts, including support for election-infrastructure defenses and JCDC’s recent welcoming of industrial control systems (ICS) industry experts.

Ron Bushar, CTO for government solutions at the cybersecurity firm Mandiant, sees JCDC as an important solver of “internet-scale cyber problems”—crises that the group is uniquely suited to confront.

A unified body that evaluates facts and then releases an objective set of recommendations is valuable, said Bushar:

“Candidly, having that not just be a governmental statement, but it’s coming from trusted industry as well, adds a lot of credibility to the messaging and the communications,” Bushar told IT Brew.—BH

Do you work in IT or have information about your IT department you want to share? Email [email protected] or DM @BillyHurls on Twitter.
