
At Black Hat 2021, CISA Director Jen Easterly launches CISA JCDC (Joint Cyber Defense Collaborative)

 

The Cybersecurity and Infrastructure Security Agency (CISA) has launched a new agency effort, the Joint Cyber Defense Collaborative (JCDC), to develop cyber defense operations strategies and to implement those plans in collaboration with partners to mitigate risk prior to information security incidents occurring and to coordinate unified defensive actions in the event of a cyber-attack.

The JCDC website states that the mission of the new effort is to “lead the development of the Nation’s cyber defense plans by working across the public and private sectors to unify deliberate and crisis action planning, while coordinating the integrated execution of these plans.”

According to the CISA JCDC announcement, timed for release during CISA Director Jen Easterly’s keynote speech at Black Hat USA 2021 last week, CISA is establishing the JCDC to:

  • Integrate unique cyber capabilities across multiple federal agencies, many state and local governments, and countless private sector entities to achieve shared objectives;
  • Design and implement comprehensive, whole-of-nation cyber defense plans to address risks and facilitate coordinated action;
  • Share insight to shape joint understanding of challenges and opportunities for cyber defense;
  • Implement coordinated defensive cyber operations to prevent and reduce impacts of cyber intrusions; and
  • Support joint exercises to improve cyber defense operations.

 

Partner companies include Microsoft, Amazon Web Services (AWS), CrowdStrike, Palo Alto Networks, FireEye, Google, AT&T, Verizon and Lumen, with a commitment to identifying and reducing the risk of cyber threats before they turn into unmitigated disasters impacting the infrastructure and economy of the nation and the day-to-day life and safety of ordinary citizens.

The JCDC’s office for joint cyber planning will include representatives from the Department of Homeland Security (DHS), Department of Justice (DOJ), United States Cyber Command (USCYBERCOM), the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and the Office of the Director of National Intelligence (ODNI), along with Sector Risk Management Agencies (SRMAs) when appropriate. The JCDC will also consult state, local, tribal, and territorial (SLTT) governments, which will be encouraged to share cyber risk information, including long-term risk scenarios, specific to their jurisdictions.

Information sharing and analysis organizations and centers (ISAOs/ISACs) “will serve as a force multiplier to incorporate sector-specific priorities into the JCDC planning framework.”  Information and communication technology (ICT) and cyber threat intelligence (CTI) providers, and critical infrastructure owners and operators will be invited to assist in the development and support the implementation of the national cyber defense plans.  Academic partners will also collaborate with CISA JCDC.

Black Hat and Defcon are considered the seminal social events of the year by most in the cybersecurity community, and the size of the hacker conferences this year was also newsworthy. The Washington Post reported that Black Hat attendance was about 25% of the usual on-site conference participation, while Defcon was “expecting about one-third to one-fourth of its normal in-person attendance as well.”[i] As a result, both events were hybrid conferences, with registration allowing for onsite and virtual access to a high percentage of conference elements.

Black Hat organizers describe Easterly’s speech as laying “out her vision for how hackers, the government, and private sector can work together to confront cyber threats and solve tomorrow’s cyber puzzles before they become threats….key themes include urgent threats and those on the horizon, transparency and information sharing, partners and collaboration, and ensuring the workforce of today and tomorrow is equipped with the right skillset and knowledge to protect against future threats.”

When interviewed after the speech, Easterly noted that “having spent the last four and a half years in the private sector, I’m a big believer in the power of innovation that comes from our private sector.  And you know, even after my keynote, we had several more [companies] who wanted to join [the JCDC], so I think people see this as something that is materially different, and exciting.”[ii]

 

Key JCDC Capabilities listed as part of the JCDC Fact Sheet

Both Secretary Mayorkas and Director Easterly address the Cybersecurity Skills Gap

Secretary of Homeland Security Alejandro N. Mayorkas also delivered a keynote at the Black Hat USA conference, which was preceded by a Twitter conversation with Director Easterly.

During her keynote, Easterly provided a QR code for people to join “team CISA.” In his speech, Secretary Mayorkas referred to the launch of the “new DHS Cyber Talent Management System in short order.  This initiative – which is the product of a law enacted seven years ago – will give us more flexibility to hire the very best cyber talent and ensure we can compete more effectively with the private sector.  It’s taken too long to get here, but we are proud to have gotten this hiring effort over the finish line.  Developing a top-tier, diverse cybersecurity workforce will remain a priority for us at DHS and the federal government under the Biden-Harris Administration.”

Notes

[i] The Cybersecurity 202: The year’s biggest cybersecurity conferences are back, but limited – The Washington Post

[ii] Jen Easterly at Black Hat: Top cyber official makes debut calling for more ‘ambitious’ defenses and wearing a ‘Free Britney’ shirt | CNN


 

 

Daniel Pereira

Daniel Pereira is research director at OODA. He is a foresight strategist, creative technologist, and an information communication technology (ICT) and digital media researcher with 20+ years of experience directing public/private partnerships and strategic innovation initiatives.