“We must, indeed, all hang together or, most assuredly, we shall all hang separately.”
– Benjamin Franklin
The pandemic landscape has been matched in cyberspace, with daily ransomware attacks causing enterprises large and small, as well as ordinary citizens, to feel vulnerable and helpless. Just as the pandemic requires community buy-in with government and citizens working together, so too will combatting malicious cyber actors to protect our organizations. This is where the Joint Cyber Defense Collaborative (JCDC) comes in.
What is the JCDC?
As the name suggests, the JCDC is a joint collaboration between federal agencies and the private sector led by the Cybersecurity and Infrastructure Security Agency (CISA) to strengthen the nation’s cyber defenses through planning, preparation, and information sharing. The purpose of the JCDC, as directed by Congress to the Department of Homeland Security (DHS), was to establish an “office for joint cyber planning” to develop “for public and private entities” plans to defend against cyberattacks posing a risk to critical infrastructure or national interests. Congress was acting on one of the Cyberspace Solarium Commission’s recommendations, which noted in its report that the number of U.S. government-created cybersecurity organizations makes it difficult “to achieve the unity of effort required to conduct layered cyber defense.”
Those of us in the private sector have felt similar sentiments regarding the various public-private partnerships led by different federal agencies, as well as not clearly understanding the differences between the partnerships and how, or if, they coordinated efforts. Often, we’ve passed threat information to the federal government, but we didn’t know if and how that information was used. The JCDC aims to correct that, creating a unified effort among government agencies and private sector partners to share threat information, validate it, and act on it.
Who makes up the JCDC?
The JCDC is composed of several federal agencies at the forefront of U.S. cyber defense. In addition to CISA, the FBI, the Office of the Director of National Intelligence, the Justice Department, U.S. Cyber Command, and the National Security Agency are all participating. Thirteen private sector companies, in addition to Broadcom Software, were selected as Alliance members in the JCDC, including AT&T, Amazon Web Services, and Google Cloud. The private sector companies represented bring unique capabilities and insights across national critical functions.
How does it work?
The JCDC plans to promote national resilience by coordinating actions to identify, protect against, detect, and respond to malicious cyber activity targeting U.S. critical infrastructure.
The idea is to be proactive, not reactive, so when an attack does occur both public and private sector entities will know who will be responsible for certain actions, and how to respond. We shouldn’t be trying to figure things out after every attack.
The information shared will not be one-way, and it will be useful to both the government and the private sector. As CISA Director Jen Easterly said at the kickoff meeting, this will not be just information sharing but “information enabling.” The information won’t be dated or waiting to be analyzed, but will be timely and relevant, allowing all of us to make informed decisions.
How is the JCDC different?
Having worked at the FBI in national security for 15 years, the idea of bringing public and private sector expertise to see a more complete picture and plan a more effective response resonates with me. While at the FBI, I saw that investigations and analyses provided eyes on potential bad guys, but it was hard to have insight into potential victims. Broadcom Software has enormous visibility into the threat landscape with hundreds of millions of endpoints that it analyzes to better protect our customers. The insights into trends and visibility with the big picture we have, along with the other companies involved, can’t be seen completely by the federal government. And likewise, the federal government has authorities and visibility into bad actors unattainable by the private sector.
I’ve attended several JCDC meetings and believe that it is taking the right steps to be a transformative partnership. It is a maturation of previous partnerships — unifying our cyber defense planning, taking into account lessons learned, and engaging the private sector from the beginning. The JCDC is poised to utilize all instruments of power and take fractured elements to see a more complete picture, together.
So while you may feel alone in protecting your organizations, a more unified, collaborative approach is on the way. As National Cyber Director Chris Inglis stated, if the JCDC works as imagined, the “adversary [will need] to beat all of us to beat one of us.”
To learn more about Broadcom Software, please go here.