An information-sharing collaborative established by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to bring together public and private sector cybersecurity efforts is facing criticism due to its faltering performance, according to experts who testified at a congressional hearing on Tuesday.
The Joint Cyber Defense Collaborative (JCDC) was launched by CISA in 2021 with the aim of enlisting service providers, infrastructure operators, and cybersecurity companies to assist the agency in coordinating cyber defense operations and fostering collaboration between the federal government and private industry. However, three years later, the collaborative, which includes agencies such as the FBI and NSA, as well as tech giants like Verizon, Google, and Microsoft, is experiencing “growing pains,” as described by Robert Lee, CEO and co-founder of the cybersecurity firm Dragos.
During a hearing before the House Homeland Security cybersecurity subcommittee, Lee expressed his disappointment with the JCDC, stating, “The reality is: We’re not seeing a lot of success out of [the JCDC] currently.”
This criticism comes as reports have indicated that the JCDC has essentially stalled, with program participants voicing concerns about the increasing political polarization of CISA’s election security efforts. A government watchdog has urged CISA to improve threat information sharing and stakeholder engagement, citing the need for “additional information related to the threats specific to their regions and local infrastructure.”
In response to these criticisms, Eric Goldstein, CISA’s executive assistant director, defended the JCDC, stating that it has built “a new model of persistent collaboration” with the participation of more than 200 companies across its platforms. Goldstein emphasized that the JCDC has produced nearly 50 advisories reflecting industry input and has engaged in “multiple joint planning efforts to address our most significant risks.” He also expressed the agency’s commitment to seeking and incorporating feedback in order to optimize the collaborative model.
Marty Edwards, deputy chief technology officer for the security firm Tenable, acknowledged that CISA’s information-sharing partnerships with the private sector are still in their early stages and have room for improvement. He specifically pointed to the industrial control systems joint working group launched by the JCDC as needing “additional shepherding” to promote collaboration in securing domestic industrial control systems.
Despite the criticism and challenges faced by the JCDC, Edwards stressed the value that the collaborative provides and expressed a willingness to work with CISA and other partners to improve its effectiveness.
In summary, while the JCDC has faced growing criticism and challenges, CISA remains committed to working with its partners to address the shortcomings and optimize the collaborative model. The need for improved information sharing and stakeholder engagement, as well as addressing concerns related to political polarization and program effectiveness, will require ongoing efforts from both the public and private sectors.