Top officials at the Cybersecurity and Infrastructure Security Agency’s (CISA) Joint Cyber Defense Collaborative (JCDC) are “demystifying” how the Federal government maintains critical infrastructure security and resiliency by partnering and sharing information with organizations across the globe, panelists said at Splunk’s Dec. 14 Government Summit in Washington, D.C.
“International sharing is for the purposes of protecting American critical infrastructure,” said Patricia Soler, JCDC International’s section chief for the Cybersecurity Division.
Soler emphasized that the “depth and breadth” of CISA’s access to international information is growing by the day – which, she added, “comes at an advantage for the homeland.”
She also touted that the organization collaborates with 150 partners overseas, which she said are “CISA counterparts over the world.”
The global cybersecurity community is a trusted partnership that exchanges “enriching” information that CISA can digest and share with their private and Federal partners involved in the JCDC, she said.
Jill Burkholder, JCDC’s Federal Section Chief of the Cybersecurity Division, said that her team has been working to engage Federal entities to make information sharing more of an effective dialogue.
“[We’re] trying to work towards a push and pull of information, and more timely pushing and pulling of information,” Burkholder said.
Panelists highlighted that the Log4Shell vulnerability that CISA publicized beginning late last year changed the way that JCDC interacts with their partners.
The organization’s website said that “JCDC shared indicators of compromise, threat activity, and intelligence with and among JCDC members to enable partners to act quickly on this threat.”
Since the vulnerability posed threats to many Federal government entities last year, JCDC’s “mindset now has shifted to not only how can our information enable a bank, company, or vendor to protect their own corporate infrastructure, but how can collectively help protect national critical infrastructure,” said James Murphy, JCDC’s section chief for Industry Partnerships.
All three CISA cyber experts said trust and transparency is at the core of everything JCDC and its partners collaborate on.
“Transparency has been at the forefront at every kind of decision we make operationally,” Murphy said. “JCDC is not just private sector companies. We have our partners [across Federal agencies] throughout the national security community that are in the same planning sessions as the private sector . . . sharing information.”
Ultimately, one of the end goals of the JCDC, Murphy said, is to give all of its members one convening point to share critical information to protect the U.S.
Separately, CISA announced in a Twitter posting today that cloud security provider Zscaler is joining the JCDC as a partner in the effort. “JCDC unites the global cyber community in the collective defense of cyberspace,” CISA said.