CISA releases 2024 priorities for the Joint Cyber Defense Collaborative – CyberScoop

The Cybersecurity and Infrastructure Security Agency on Monday released the 2024 priorities for the Joint Cyber Defense Collaborative, an operationally focused government and private collaborative that has faced recent criticism.
The announcement of three broad priorities will mark an alignment of “resources and strategic direction.” In the coming year, the JCDC will focus on: defending against advanced persistent threat (APT) operations, raising baseline protections for critical infrastructure owners and operators, and anticipating emerging technology and risks.
“These priorities will further expand the breadth and depth of our partnership to tackle more challenging, forward-leaning cyber risks that could evolve in the future, not just the immediate risks,” Clayton Romans, associate director at CISA, wrote in an accompanying blog post. “To be clear, JCDC in this context is not a specific team or organization; it represents the collective group of industry and government partners drawn together to drive positive change for our nation’s cybersecurity.”
The announcement also comes amid increasing — but not new — concerns about the effectiveness of the JCDC due to a lack of technical expertise and an overabundance of lawyers. Recent reporting reveals that security researchers are not as active — with one notable researcher, Juan Andres Guerrero-Saade, calling the JCDC “dead” — in part due to increasing backlash from conservatives over election disinformation efforts, Politico reported.
“When the JCDC first stood up, it was met with a ton of fanfare, but it quickly turned into a cool-club for vendors,” Brian Harrell, a former assistant secretary at the Department of Homeland Security, said in a message to CyberScoop. “It’s high time that CISA provides value to industry by showcasing risk mitigation. They need to go from talking about risk, to reducing it.”
The release also follows a spree of warnings from the federal government about Chinese intrusions into critical infrastructure. Last week, top security officials from the FBI, CISA, and NSA warned that recent Chinese hacking operations are pre-positioning themselves for disruptive attacks on critical infrastructure networks.
Federal IT officials, meanwhile, are also calling for more from CISA. During a panel discussion hosted by a Washington think tank last week, federal IT officials said the agency needs to be faster at sharing information and more aggressive in the standards it sets to mitigate threats.
At a House hearing last week on securing OT threats in the water sector, cybersecurity experts said that the JCDC is suffering from “growing pains.” CISA has a good strategy, but the tactics tend “to be a bit lacking,” according to Robert M. Lee, CEO and founder of the industrial cybersecurity firm Dragos.
The first priority on APTs — nomenclature that often refers to nation-state hackers — will include the release of an updated National Cyber Incident Response Plan, which outlines the roles and responsibilities of federal agencies during an incident. The update is expected this year and will include “significant changes in policy and cyber operations” since the initial 2016 publication. Additionally, CISA plans to “discover and defend” against attacks by state-backed hackers, particularly China, the announcement noted.
In addition to helping state and local election officials secure sensitive networks, CISA plans to make “measurable” progress on decreasing ransomware attacks against critical infrastructure and on the agency’s secure-by-design push. CISA plans to “prioritize operational activities” that can defend and disrupt ransomware attacks. CISA also noted that it will decrease risk posed by AI to critical infrastructure.
“Even as we urgently work to help organizations implement the most effective cybersecurity measures, we know that scalable change requires a fundamental shift in how technology is designed, built, and maintained,” Romans wrote. “We will continue to drive measurable commitments across the technology ecosystem that reduce the number of defective technology products by design and ensure that strong default settings are the norm.”
