Government , Industry Specific
CISA's Flagship Cyber Collaborative Faces Growing Criticism
US Joint Cyber Defense Collaborative Suffering From 'Growing Pains,' Experts SayThe U.S. Cybersecurity and Infrastructure Security Agency is failing to use a flagship information-sharing collaborative meant to fuse public and private sector cybersecurity efforts, experts testified Tuesday.
See Also: The CIS Security Operations Center (SOC)
CISA launched the Joint Cyber Defense Collaborative in 2021 to recruit service providers, infrastructure operators and cybersecurity companies into helping the agency develop and coordinate cyber defense operations and drive collaboration between the federal government and private industry. Three years later, the collaboration - which includes the FBI and NSA as well as tech giants such as Verizon, Google and Microsoft - is suffering through "growing pains," according to Robert Lee, CEO and co-founder of the cybersecurity firm Dragos, a participant in the JCDC.
"The reality is: We're not seeing a lot of success out of [the JCDC] currently," Lee told the House Homeland Security cybersecurity subcommittee.
The criticism comes amid reports that the JCDC is effectively stalled and that program participants are expressing concerns over the increasing political polarization of CISA's election security efforts. A government watchdog urged CISA to improve threat information sharing and stakeholder engagement a year after the agency launched the JCDC, and stakeholders told the Government Accountability Office they require "additional information related to the threats specific to their regions and local infrastructure."
In a statement sent to Information Security Media Group, Eric Goldstein, CISA's executive assistant director, hailed the JCDC for building "a new model of persistent collaboration" with more than 200 companies participating across its platforms. Goldstein said the JCDC has produced nearly 50 advisories that reflect industry input and has led "multiple joint planning efforts to address our most significant risks."
"Building partnerships is often complicated, and we're continually working to optimize this model," Goldstein said. The agency is "seeking and incorporating feedback at every turn."
"We're proud of what we've accomplished over the past three years, and even more excited for our shared achievements yet to come," he added.
Marty Edwards, deputy chief technology officer for the security firm Tenable, testified that CISA's information-sharing partnerships with the private sector are "fairly young" programs with room for improvement. An industrial control systems joint working group the JCDC launched to promote collaboration in securing domestic industrial control systems "needs additional shepherding," he said.
"There's no doubt that the JCDC provides some significant value," Edwards said. "We're eager to continue to work with CISA and all of our partners at the table to improve [the JCDC]."