Panel advises CISA on how to improve industry-government collaboration project
A Cybersecurity and Infrastructure Security Agency initiative to enhance collaboration between government and industry should avoid policy distractions, establish a physical meeting space and create a “smart Rolodex” for identifying potential partners, according to a CISA advisory panel.
CISA’s Cybersecurity Advisory Committee on Wednesday adopted recommendations for improving the Joint Cyber Defense Collaborative (JCDC), a three-year-old project to share cybersecurity data between government and the private sector that has faced persistent complaints among some that the initiative has featured lackluster information sharing, a decline in participation and organizational problems.
Before producing its recommendations, the advisory panel spoke to a “good subset” of the more than 300 partners in the joint collaborative project, said Ron Green, chair of the subcommittee that produced the report and Mastercard’s former chief security officer and a current fellow at the company.
“Overwhelmingly there’s full support of what the JCDC is doing,” Green said. “Stakeholders did help provide us with some feedback to come up with our recommendations and it was generally more of a, ‘what can we do to crank it to 10 or 11 from where we are now?’ versus ‘there’s a lot of bad stuff going on here.’”
The three recommendations suggest that JCDC should focus on “operational cyber defense” — that is, collaboration that can assist on active or potential cyber incidents. “Sometimes it could be pulled into working on policy, which might not be the best for what the JCDC is,” Green said.
The people the advisory panel spoke to also said it would be good to have a physical meeting place to collaborate rather than just virtually, Green said, prompting the second recommendation to create such a space.
And another key point of feedback was that JCDC is a good resource for figuring out how to get ahold of the most helpful companies in a given situation, he said, prompting the recommendation about creating a “smart Rolodex.”
CISA Director Jen Easterly said at Wednesday’s meeting that she welcomed the recommendations.
“I knew it was going to be hard and it will remain hard, simply off the back of the scale of the ambition,” she said of the JCDC. “We’re asking companies, some of whom are natural competitors, to come together and to share information.
“We’re asking for companies who are used to working with the government just through government affairs, or through lawyers, to bring their technical and operational folks to the table,” she continued. “We’re asking for companies to not just respond to crisis but to actually do cyber defense planning on the most serious threats.”
