Future-proof IT

Three reasons to be bullish on public-private intelligence collaboration

Jan 10, 2023

Any new, complex initiative is bound to attract skepticism, and I’ve seen plenty of it aimed toward CISA’s Joint Cyber Defense Collaboration (JCDC). 

I, however, am optimistic about the mission and the meaning behind JCDC, and the priorities listed in the annual plan the collective released last month reinforce my position. 

Despite the naysayers, the JCDC has promise in three key areas, and there are existing models the 1.5-year-old partnership can draw on to advance its stated aims.

1. Strong, principled leadership

Foremost among the reasons for my optimism is the initiative’s strong leadership. Jen Easterly is an intelligent and credentialled leader who enjoys the support of a large portion of the cybersecurity community. 

Public-private partnerships are nothing new. But they’re often undone by weak leadership, infighting, favoritism, or another of the usual suspects in bureaucratic breakdowns.

When Easterly first announced the initiative at Black Hat in 2021, unveiling a logo paying homage to the band AC/DC (see image above), she pitched to a hacking community commonly distrustful of government initiatives – and doing so successfully by some accounts

A relatively unknown figure then, she has come to be attacked by some and admired by others for her approachable style meant to appeal to the private tech sector whose cooperation she needs. Balancing support from DHS and this sector will not be easy, but Easterly’s pedigree and personality suggest she’s up to the task.

2. An unprecedented opportunity for information sharing

Ultimately, CISA’s highest priority is protecting the 16 critical infrastructure sectors whose "destruction would have a debilitating effect on security, national economic security, national public health or safety, or any combination thereof."

It stands its best chance of achieving this directive with the broad backing of the private sector. No single vendor currently offers a silver bullet for cybercrime, so cooperation among them is essential. As each advances its specialty, seeing how forthcoming vendors are with other group members will be interesting.

With the world’s largest security cloud, Zscaler and its ThreatLabz team of researchers will contribute significantly to this effort. Witnessing well over 250 billion security requests daily – or around 15x the traffic handled by the world’s biggest search engine – these threat researchers can share insights unavailable from anywhere else.

3. A real shot at enhanced cooperation

In addition to making our critical infrastructure safer from cyber attacks, the JCDC represents a chance for the private sector to collaborate more meaningfully with the guidance of their public-sector counterparts.

The opportunity to seize on a common language often surrounding misappropriated concepts like zero trust, which has undergone such frequent abuse and misuse that it needs rescuing before it loses its meaning altogether. If President Biden’s executive order on zero trust adoption is to be successful, agencies need to know what they’re striving for.

Recovering the term can’t be achieved by any one partner or agency. Instead, the JCDC can lean on previously established standards and best practices like the CISA’s own Zero Trust Maturity Model and NIST's 800-207 Special Publication on Zero Trust Architecture.

Using these templates, JCDC should be clear about what zero trust means from the organization’s standpoint, spelling out for partner vendors that sloppy definitions will be challenged and ensuring any publications align on a set of agreed-upon standards. Alienating some is a small price for boosting the nation’s critical cyber defense operations and reducing the impact of attacks.

Making it happen in practice

I’ve focused on strengths in the JCDC’s corner. But it doesn’t face significant challenges. From experience working with the Wisconsin Cyber Threat Response Alliance, I know how difficult it can be to separate signal from noise and information-sharing arrangements. Vendor competition can stifle cooperation. Working groups threaten to become a free-for-all.

  1. Begin with information-sharing channels – These will establish baseline relationships among participating vendors and CISA. This contribution is also probably the lightest lift for the participant groups since all are undoubtedly already gathering threat telemetry according to their capabilities and specialties. Here’s where the success of North Dakota’s Joint-Cybersecurity Operations Command Center (J-CSOC) can prove as an invaluable case study in building an effective information-sharing program.
  2. Focus on the back-end makeup for fast, consistent cyber responses – The initial JCDC announcement came just months after the Colonial Pipeline ransomware attack reminded us of the kinetic effects cyberattacks can have on U.S. lives. Every JCDC participant should recognize this effort is ultimately about protecting our critical infrastructure and how to design the right approach to doing so.
  3. Synthesizing best practices for cyber defense – Once it establishes relationships, the JCDC can act as a point of synthesis for vendor-agnostic best practices in detection, protection, and response to cyber threats. The order is important here since immediately honing in on the differences in vendor approaches could alienate some and discourage participation.

JCDC’s mission is not straightforward. It’s a noble aim, with some of the best minds in the cybersecurity industry behind it. The potential upsides are numerous, and our national security is at stake. I am proud Zscaler has decided to play a role.

What to read next

Public sector cybersecurity: We can't afford to leave SLED behind

One nation under zero trust: sizing up the OMB’s cybersecurity memorandum [podcast]