CISA’s Joint Cyber Defense Collaborative: Why it just might work

The Cybersecurity and Infrastructure Security Agency (CISA) within the Department of Homeland Security (DHS) has a new director, Jen Easterly. The Senate confirmed Easterly in July, with swearing taking place on August 09, 2021. It should come as no surprise to CISOs to see Easterly dig in and immediately leverage the newly minted Joint Cyber Defense Collaborative (JCDC), which was authorized in the National Defense Authorization Act of 2021.

The JCDC’s mission, according to CISA, is to “leverage new authorities” and “bring together public and private sector entities to unify deliberate and crisis action planning while coordinating the integrated education of these plans. The plans will promote national resilience by coordinating actions to identify, protect against, detect, and respond to malicious cyber activity targeting US critical infrastructure and national interests.”

Who is Jen Easterly?

Easterly is no stranger to being first when it comes to innovation and being able to see a bit over the horizon when it compared to her peers. She served 20-years in the Army where she is credited with standing up the first “cyber battalion.” The National Security Agency (NSA) saw her present from 2011 to 2013, which happened to be immediately after the standing up of the unified US Cyber Command in 2010. She is credited with fleshing out that nascent organization into full operational mode. Following this, she went to Morgan Stanley in 2017 where she stood up the company’s “Firm Resilience and the Fusion Resilience Center,” or simply Cyber Fusion Center (CFC).

Easterly, spoke remotely at the recent Black Hat conference, where she emphasized the need to build the nation’s cybersecurity workforce. Not news to CISOs with empty requisitions, she commented on how there were over 500,000 jobs awaiting personnel in the United States.

Security operations center, CFC and JCDC

CISOs have seen the evolution in cybersecurity to include the attempt to corral information, detect intrusions, and respond accordingly. Nirvana occurs when intrusions are handled automatically without the need for personnel intervention. Over time many companies have stood up security operations centers (SOCs) where their physical and virtual worlds meld. Others have attempted to create CFC-like groups where disparate data sets are melded and decisions are made.

The new JCDC, according to Easterly, will initially focus on ransomware and the cloud. Companies that have been identified as participating include Cisco, Microsoft, Google, Lumen, Amazon Web Services, FireEye, Crowdstrike, Palo Alto Networks, AT&T and Verizon.

“Security operations centers are one dimensional,” says John Burger, CISO at ReliaQuest. “Sometimes the response will include a threat intel function. Seldom [will it] have a holistic view of the business from a business continuity perspective.”

Meanwhile, Anuj Goel, CEO of Cyware (and one who participated in the development of CITI’s CFC), notes how “the fundamental difference between a CFC and SOC is how each unit approaches and operationalizes security.” Goel highlighted how SOCs connect the silos at one location, compared to the CFC, which “coalesces all these siloed units into a single, collaborative, and integrated force to streamline end-to-end threat detection, management and 360-degree response.” When established, Goel says, the security silos are eliminated.

Burger provided his insight from the CISO’s seat that creating a CFC is not for the faint of heart, and his observation will not surprise anyone involved in cybersecurity with its many silos. “The single largest barrier is the organization’s will to bring disparate parts of the “cyber domain” (IT, business continuity, SOC, and threat intel) into one center.”

Enterprise CISOs, when compared to their SMB brethren, enjoy a bounty of resources. There is no denying the CISOs at SMBs are often financially disadvantaged as well as being hamstrung when it comes to engagement in the ever growing “public private partnership.” This is where Easterly’s efforts at CISA will have an immediate impact, as she has already begun the outreach to the resourced constrained, with invitations to engage CISA, as well as providing a plethora of tools and assessments available for the taking.

Some SMBs may be thinking of building their own fusion centers, and the CEO of Minerva Labs, comes down strongly against that idea. Instead, he proffers, “The right direction for SMBs is to find tools that won’t demand them to hire a big security teams, tools which can be used by any IT employee.” He explained, “most cybersecurity tools are complex and for them to work properly and protect with full power, a large professional team is needed.”

Is Easterly’s JCDC for everyone?

Goel adroitly points out how Easterly’s experience is going to “open doors for CISA to force multiple security capabilities while enhancing collaboration with industry sectors through strategic and technical information sharing.” On the larger, national scale, “Easterly’s efforts will foster collective defense across organizations within the US and synchronize their strengths against rapidly evolving and shape shifting threat actors.”

Whether JCDC will also be able to assist entities not involved in national infrastructure is a question waiting to be answered. The answer is no if you don’t ask, so ask. CISOs interested in participating in the JCDC should email CISA.