New CISA chief announces Joint Cyber Defense Collaborative with private sector
The new Cybersecurity and Infrastructure Security Agency Director Jen Easterly appealed to the private sector for help fending off digital attackers Thursday at the Black Hat security conference, announcing an initiative called the Joint Cyber Defense Collaborative (JCDC) that partners with major tech and cybersecurity firms.
The initial partners in the program are CrowdStrike, Palo Alto, FireEye, Amazon Web Services, Google, Microsoft, AT&T, Verizon, and Lumen, according to Easterly.
Easterly laid out four key aims in the partnership in her remarks: sharing insights, designing coordinated “whole-of-nation cyber defense plans,” supporting joint exercises, and implementing “coordinated defensive cyber operations to prevent and reduce impacts of cyber-attacks.”
She also weighed in on CISA’s role amid an escalating threat landscape, emphasizing the need for cooperation.
“Our mission is simple on the surface–we lead the national effort to understand and manage cyber and physical risk to our critical national infrastructure, but challenging to execute with significant consequences if we fail,” Easterly said. “This mission can only be accomplished, and this vision realized through collaboration and imagination,” she added.
The JCDC builds on the relationships already facilitated by CISA through its work with industry Information Sharing and Analysis Centers, or ISACs, Easterly said. But it was also the result of Congressional action, she added, citing the Cyberspace Solarium Commission chaired by Senator Angus King (I., Maine) and Congressman Mike Gallagher (R., Wisconsin).
"What’s particularly important about the JCDC announcement is that Director Easterly has taken the work of the Cyberspace Solarium Commission and evolved it to meet the changing federal landscape," Rep. Jim Langevin (D., Rhode Island), a member of the Commission, said in a statement. "The JCDC brings together our recommendations about planning, intelligence fusion, and cybersecurity operations in a visionary way."
The Wall Street Journal first reported on the JCDC initiative before Easterly’s remarks.
The appearance was Easterly’s first public speech since she was unanimously confirmed by the Senate last month, filling an eight-month leadership void at the top of DHS’ cyber wing.
The agency, which was formed in 2018 and employs roughly 2,500 people, has been stretched thin as it tries to fulfill its mission to safeguard federal civilian networks and provide security guidance to local governments and critical infrastructure operators.
Congressional lawmakers have pushed for a major budget increase for the agency in the wake of the SolarWinds campaign and the ransomware attacks on the Colonial Pipeline, meat processor JBS and Kaseya.
Prior to leading CISA, Easterly worked in the NSA’s elite hacking unit known as Tailored Access Operations. She was one of a small group of military officers who helped establish U.S. Cyber Command and went on to spend more than two years as deputy director of the NSA’s counterterrorism division.
She later served as a counterterrorism official at the National Security Council during the Obama administration before entering the private sector, where she most recently oversaw Morgan Stanley’s resilience strategy.
In addition to appealing to the private sector, CISA has also been looking to recruit from within other areas of the federal government. Allan Friedman, a longtime fixture of cybersecurity efforts at the National Telecommunications and Information Administration, announced June 30th on Twitter that he was leaving the agency to join CISA.
While writing he was sad to leave NTIA, Friedman said it was “time to scale” on some of his work there, including the development of standard disclosures for the components of software, also known as Software Bill of Materials or SBOM. Friedman also spoke at Black Hat, virtually on Wednesday, about related efforts.