Analysis
Attacks and Vulnerabilities
CISA
Critical infrastructure
News

JCDC 2023 Planning Agenda to address systemic risk, collective cyber response, high-risk communities

January 30, 2023
JCDC 2023 Planning Agenda to address systemic risk, collective cyber response, high-risk communities

The Joint Cyber Defense Collaborative (JCDC) unveiled its 2023 Planning Agenda focused on working on joint cyber defense plans covering systemic risk, collective cyber response, and high-risk communities. The initiative will maintain flexibility to undertake urgent planning efforts as the risk environment changes, recognizing that agility is foundational to shared success. 

The 2023 Planning Agenda also outlines an effort to strengthen the protection of civil society organizations at higher risk of being targeted by foreign state hackers through collaborative planning with key government and industry stakeholders. “Widespread security flaws and configuration missteps in these technologies create opportunities for malicious actors to steal information, destroy valuable data, and cut off access to critical goods and services. JCDC’s planning agenda addresses these important and complex security challenges,” it added.

Set up in August 2021, JCDC is a collaborative effort between various cybersecurity entities, owners of critical infrastructure, and government departments. These include the U.S. Cyber Command, the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), the Department of Justice (DOJ), the Office of the Director of National Intelligence (ODNI), the U.S. Department of Defense (DoD), U.S. Secret Service, and the Department of Homeland Security (DHS).

“Charged with staying ahead of and confronting cyber risk and cyber threats to the nation’s critical infrastructure, CISA brought together experts across government and the private sector to develop a collaborative cyber planning agenda,” the agency said last week. “No single entity has the complete knowledge, capabilities, and legal authorities to defend the entire digital ecosystem against advanced persistent threat (APT) actors. By combining the capabilities of key industry partners with the unique insights of government agencies, JCDC can create common, shoulder-to-shoulder approaches to confront malicious actors and significant cyber risks.”

The agenda’s priorities represent proactive planning and persistent collaboration, which means having the right groups ready to engage in real-time collaboration in a rapidly changing risk environment. JCDC’s new multidirectional real-time information-sharing initiative, primarily built on trust and a willingness to work together, is a fundamentally different collaboration model that will enable the accomplishment of the agenda priorities.

Addressing the systemic risk issue, the initiative identified that malicious actors know how to work smarter, not harder, by targeting single points of failure in critical infrastructure. “Targeting of software, hardware, and services that are widely used across sectors or compromises of lifeline functions like electrical and water that underpin virtually every organization could result in cascading impacts and severe impacts to our national critical functions,” it added. 

The 2023 Planning Agenda includes efforts to address Open-Source Software that understands and mitigates risks potentially posed by open-source software (OSS) used in industrial control systems. It will include advanced cybersecurity and reduce supply chain risk for small and medium critical infrastructure entities through collaboration with remote monitoring and management (RMM), managed service providers (MSPs), and managed security service providers (MSSPs).

Covering the energy sector, the 2023 Planning Agenda looks at deepening operational collaboration and integration with the energy sector in partnership with the Department of Energy. In the case of the water sector, the JCDC agenda sets out to identify the approach to enhance the security and resilience of edge devices for the water sector.

Looking into collective cyber response, the JCDC’s 2023 Planning Agenda said that, “as a nation, we must anticipate that malicious cyber actors will at times circumvent our combined defenses. At the same time, the American people rightly expect the U.S. government to plan for a coordinated public-private response to minimize impacts and quickly recover.” 

The 2023 Planning Agenda identifies an effort to update the National Cyber Incident Response Plan (NCIRP). Over the past several years, the government and the private sector have advanced processes and approaches for incident response, though plans and doctrines have not kept up. JCDC will lead an effort to update the National Cyber Incident Response Plan in close coordination with interagency partners. The update will include incorporating changes and lessons learned since the release of the 2016 NCIRP and articulating specific roles for non-federal entities in organizing and executing national incident response activities. 

The NCIRP describes a national approach to dealing with cyber incidents; addresses the important role that the private sector, state and local governments, and multiple federal agencies play in responding to incidents and how actions fit together for an integrated response. The plan applies to cyber incidents and significant cyber incidents that are likely to result in demonstrable harm to the national security interests, foreign relations, or economy of the U.S. or the public confidence, civil liberties, or public health and safety of the American people.

JCDC’s 2023 Planning Agenda will also take into account high-risk communities. “Malicious cyber actors do not only target critical infrastructure or businesses; to the contrary, we know that adversaries—seeking to undermine American values and interests—routinely target high-risk communities, such as civil society organizations that support journalists and cybersecurity researchers,” it added.

Earlier this month, the CISA announced the addition of T-Mobile, SentinelOne, and NTT to its JCDC initiative. The move brings together cyber defenders to generate and share actionable data that can help with effective cybersecurity, pooling resources to analyze, assess and monitor the relevant information to create an integrated strategy for prevention, defense, and response against cyber threats.

Anna Ribeiro
Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT.

A complimentary guide to the who`s who in industrial cybersecurity tech & solutions

Free Download

Related

Cisco Talos details ArcaneDoor campaign found targeting perimeter network devices across critical infrastructure
Cisco Talos details ArcaneDoor campaign found targeting perimeter network devices across critical infrastructure
Forescout report warns of growing security risks to critical infrastructure as OT/ICS exposed data escalates
Forescout report warns of growing security risks to critical infrastructure as OT/ICS exposed data escalates
ASIS Foundation reports on impact of autonomous vehicles on security and technology
ASIS Foundation reports on impact of autonomous vehicles on security and technology
European Commission makes €112 million investment in AI, quantum research under Horizon Europe program
European Commission makes €112 million investment in AI, quantum research under Horizon Europe program
MITRE unveils ATT&CK v15 with upgraded detections, analytic format, cross-domain adversary insights
MITRE unveils ATT&CK v15 with upgraded detections, analytic format, cross-domain adversary insights
RMC
Risk Mitigation Consulting acquires Securicon, boosting cybersecurity and mission assurance offerings
Hackers target Tipton Municipal Utilities wastewater treatment plant, prompting federal investigation
Hackers target Tipton Municipal Utilities wastewater treatment plant, prompting federal investigation
New CGCYBER report warns of cybersecurity risks in marine environment due to network-connected OT systems
New CGCYBER report warns of cybersecurity risks in marine environment due to network-connected OT systems
Ukrainian CERT details malicious plan by Sandworm group to disrupt critical infrastructure facilities
Ukrainian CERT details malicious plan by Sandworm group to disrupt critical infrastructure facilities
DC3, DCSA collaborate to launch vulnerability disclosure program for defense industrial base
DC3, DCSA collaborate to launch vulnerability disclosure program for defense industrial base