CISA unveils 2024 priorities for JCDC, focusing on cyber threats from China and enhancing cybersecurity efforts

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has unveiled its 2024 planning agenda for the Joint Cyber Defense Collaborative (JCDC), with a specific emphasis on addressing the growing cyber threats originating from China against critical infrastructure installations. The agenda aims to bolster cybersecurity efforts and enhance collaborative efforts in countering these threats.

The 2024 priorities are defined around three focus areas including defending against advanced persistent threat (APT) operations, aligning JCDC strategic and operational efforts to counter known and suspected APT campaigns that target critical infrastructure sectors with the potential to impact National Critical Functions, particularly those affiliated with the People’s Republic of China (PRC). The second focus area, Raise the Baseline, encompasses JCDC’s efforts to improve the cybersecurity posture of critical infrastructure entities to reduce the frequency and impact of cyber incidents. The third focus area, Anticipate Emerging Technology and Risks, seeks to decrease the likelihood and impact of AI-related threats and vulnerabilities to critical infrastructure providers.

“I am incredibly proud of this collaborative team and what we have accomplished, overcoming many obstacles to meet the demands of the ever-evolving cyber threat landscape,” Clayton Romans, associate director of the JCDC, wrote in a Monday blog post. “Through JCDC, CISA looks forward to furthering this work with our partners across government and private sector to tackle some of the most significant cyber risks facing our country in 2024.”

CISA also pointed out that six 2024 JCDC priorities, aligned with the three focus areas, call out specific topics for increased attention. 

JCDC’s Priorities for 2024 are to discover and defend against malicious abuse by APT actors, particularly those backed by the PRC, on and against U.S.-based infrastructure; prepare for major cyber incidents; and help provide state and local election officials with information and tools to help secure their networks and infrastructure against cyber threats as part of CISA’s broader election security efforts. It also included measurably decreasing the impact of ransomware on critical infrastructure; making measurable progress toward a world where technology is secure-by-design; and decreasing the risk posed by AI to critical infrastructure.

The JCDC’s 2024 Priorities have been established to foster unified efforts among public and private partners in achieving crucial cybersecurity outcomes. These priorities are the result of collaborative input from hundreds of JCDC partner organizations, including government, industry, and international partners.

While these Priorities build on the 2023 Planning Agenda, they also represent a critical step in JCDC’s maturation, the CISA identified. “For the first time, we are aligning our priorities under three broad focus areas, which in turn will enable alignment of resources and strategic direction,” it added.

Last year’s ODNI Annual Threat Assessment makes clear the threat posed by malicious cyber actors, particularly those affiliated with the PRC, the CISA disclosed. “No longer can our cyber defense focus on espionage and data theft; we must now posture to protect our country and allies against destructive attacks designed to cause real-world harm. Our priorities in this focus area center on JCDC’s strategic and operational efforts to counter known and suspected APT attack campaigns targeting entities that support national critical functions.”

It added that it will discover and defend against malicious abuse by APT actors, particularly those backed by the PRC, on and against U.S.-based infrastructure; and prepare for major cyber incidents. JCDC will finalize and publish the National Cyber Incident Response Plan (NCIRP), in close coordination with interagency and industry partners.

When it comes to raising the cybersecurity baseline, the CISA identified that too many successful intrusions are preventable, the result of inadequate investment in basic practices. It added that its priorities in this focus area center on JCDC’s ability to organize and support efforts that raise the cybersecurity baseline of critical infrastructure entities, including helping state and local election officials secure their networks and infrastructure against cyber threats as part of CISA’s broader election security efforts and measurably decreasing the effect of ransomware on critical infrastructure.

It also included making measurable progress toward a world where technology is secure-by-design. “Even as we urgently work to help organizations implement the most effective cybersecurity measures, we know that scalable change requires a fundamental shift in how technology is designed, built, and maintained. We will continue to drive measurable commitments across the technology ecosystem that reduce the number of defective technology products by design and ensure that strong default settings are the norm,” the CISA added.

Addressing anticipation of emerging technology and risks, the CISA said that innovation can help to close off entire avenues of attack but may also create new cybersecurity risks. “Our priorities in this focus area center on JCDC’s work with the cybersecurity community to support accelerated innovation in cyber defense and reduce known and suspected risks posed by the deployment of emerging technologies.”

It also identified the need to decrease the risk posed by artificial intelligence (AI) to critical infrastructure. “In alignment and coordination with CISA’s Roadmap for Artificial Intelligence, JCDC will work to decrease the likelihood and impact of AI-related threats and vulnerabilities to critical infrastructure providers.”

JCDC will work this year with interagency and private sector partners to strengthen the ability of critical infrastructure sector organizations to prepare for and respond to future malicious activity on their networks, including activity utilizing living off the land techniques. It will also leverage its resources and engage with partners to prioritize operational activities that actively defend against and disrupt ransomware campaigns in collaboration with government and non-governmental entities. Furthermore, it will collaborate with technology providers to leverage secure-by-design principles to scale protection.

The JCDC will work to elevate critical infrastructure’s capacity for resiliency and capability for recovery in response to major cyber incidents. This includes supporting CISA’s work to update the National Cyber Incident Response Plan (NCIRP). As directed by the President’s 2023 National Cybersecurity Strategy, 

Additionally, the CISA, in close coordination with the Office of the National Cyber Director, is gathering input from public and private sector partners to identify key changes for incorporation into the updated NCIRP. Through JCDC, CISA is working to ensure this process addresses significant changes in policy and cyber operations since the NCIRP was released and plans to publish an updated NCIRP this year.

Last year, the JCDC initiated a collaborative cyber defense planning effort to support the awareness, security, and cyber resiliency of open-source software in operational technology and industrial control systems. By embracing open-source principles, CISA not only champions inclusivity but also fortifies the nation’s defenses against evolving threats.

Anna Ribeiro

Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT.