The Cybersecurity and Infrastructure Security Agency (CISA) in the United States is experiencing challenges in the effectiveness of its Joint Cyber Defense Collaborative (JCDC), according to experts who testified on Tuesday.
The JCDC was launched in 2021 with the aim of bringing together service providers, infrastructure operators, and cybersecurity companies to develop and coordinate cyber defense operations and foster collaboration between the federal government and the private sector. However, three years later, the collaboration, which includes agencies such as the FBI and NSA, as well as tech giants like Verizon, Google, and Microsoft, is reportedly facing “growing pains,” as described by Robert Lee, CEO and co-founder of the cybersecurity firm Dragos, a participant in the JCDC.
During a hearing with the House Homeland Security cybersecurity subcommittee, Lee expressed disappointment in the current progress of the JCDC, stating, “The reality is: We’re not seeing a lot of success out of [the JCDC] currently.”
These criticisms have emerged alongside reports that the JCDC has effectively stalled, with program participants expressing concerns over the increasing political polarization of CISA’s election security efforts. A government watchdog also urged CISA to improve threat information sharing and stakeholder engagement a year after the agency launched the JCDC, with stakeholders expressing the need for “additional information related to the threats specific to their regions and local infrastructure.”
In response, Eric Goldstein, CISA’s executive assistant director, defended the JCDC, stating that the collaborative has engaged over 200 companies and has produced nearly 50 advisories reflecting industry input. Goldstein also highlighted multiple joint planning efforts to address significant risks, emphasizing that the agency is continually seeking and incorporating feedback to optimize the JCDC model.
Marty Edwards, deputy chief technology officer for the security firm Tenable, acknowledged that CISA’s information-sharing partnerships with the private sector are “fairly young” programs that have room for improvement. He specifically pointed to the industrial control systems joint working group launched by the JCDC, stating that it “needs additional shepherding.”
Despite the criticisms, Edwards expressed optimism about the potential of the JCDC, emphasizing the value it provides and the commitment to work with CISA and other partners to enhance the collaborative efforts.
Overall, the challenges faced by the JCDC underscore the complexities of building and maintaining partnerships between the government and the private sector in addressing cybersecurity threats. As CISA continues to work towards optimizing the JCDC model, the agency remains committed to driving collaboration and improving cyber defense operations in the face of evolving threats.