JCDC’s strategic shift: Prioritizing cyber hardening

In this Help Net Security interview, Geoffrey Mattson, CEO of Xage Security, discusses the evolution of the Joint Cyber Defense Collaborative (JCDC) since its 2021 inception and tackles its 2024 strategic priorities in response to escalating cyber threats.

He elaborates on JCDC’s strategies against APT operations, initiatives to enhance cybersecurity in critical infrastructure, support for election security, and the Secure by Design initiative.

How has the JCDC evolved since its establishment two years ago, and what are the key factors driving its strategic direction in 2024?

JCDC has undergone significant evolution since its inception in 2021. While the overarching mission of safeguarding our national security remains the same, the urgency has heightened considerably. The cybersecurity landscape has shifted to new frontiers in just the last few years. For 2024, the prevailing theme across its current priorities is cyber hardening and bracing for impact.

This shift in focus is driven by the escalating threat landscape, marked by an increase in major cyber incidents and ransomware attacks targeting critical infrastructure—which can have devastating consequences for everyday people. The key factors driving the strategic direction include the need to prepare for significant cyber incidents, raise the cybersecurity baseline across critical infrastructure entities, measurably decrease the impact of ransomware, and foster a world where technology is Secure by Design.

An important focus area for 2024 is to defend against APT operations, particularly those affiliated with the People’s Republic of China. Can you elaborate on the specific strategies JCDC employs to counter these threats?

In countering APT operations, particularly those associated with the People’s Republic of China, JCDC will employ a multifaceted approach. Specific strategies include collaborating with interagency and private sector partners to strengthen the ability of critical infrastructure sector organizations to prepare for and respond to future malicious activity on their networks, including activity utilizing living off the land techniques.

In the context of raising the cybersecurity baseline, what initiatives are being prioritized to improve the cybersecurity posture of critical infrastructure entities?

JCDC is prioritizing initiatives aimed at improving overall security posture. Making a concerted action to measurably decrease the impact of ransomware attacks on critical infrastructure and make measurable progress toward ensuring all technology is Secure by Design, which involves integrating cybersecurity into technology products from the outset.

Last year, Secure by Design launched a new series of products, Secure by Design Alerts, which aim to raise awareness of malicious cyber activity against web management interfaces. The most recent alert was to encourage technology manufacturers to actively eliminate the risk of default password exploitation. JCDC and CISA have also developed a recovery response plan and are actively incorporating the threat of AI into strategic planning initiatives.

How is JCDC assisting state and local election officials in securing their networks and infrastructure against cyber threats, and what role does this play in the broader national election security efforts?

JCDC will provide state and local election officials with essential information and tools to fortify their networks and infrastructure against cyber threats. This will be done through collaboration, planning, and information sharing among industry partners, interagency partners, SLTT entities (state, local, tribal, and territorial), and vendors.

In the broader context of national election security efforts, JCDC’s support is a significant step towards safeguarding the integrity of the electoral process. By empowering state and local election officials with the necessary resources and knowledge to fend off cyber threats, every citizen can exercise their right to vote without the risk of their data being breached or manipulated.

Can you discuss the ‘Secure by Design’ initiative and how JCDC is working to drive measurable commitments across the technology ecosystem to reduce cybersecurity risks?

CISA Secure by Design principles fundamentally changes how technology is designed, built, and maintained. The goal is to ensure that cybersecurity is integrated into the core of technology products from the outset and into the entire technology development life cycle rather than being an afterthought. This approach aims to reduce the number of defective technology products and promote strong default security settings as the standard across the technology ecosystem.

Last year, CISA published the Secure by Design Alert series. These alerts identified common vulnerabilities and guided how to fix them. CISA is committed to continuing the publication of these alerts to ensure that the latest insights and recommendations are shared with the technology community. This year, these alerts will include detecting malicious abuse by APT actors.

While Secure by Design is a crucial concept, it is more challenging for legacy companies to adopt than new security companies. In other words, getting the toothpaste back in the tube can be hard, but this must be done to protect the business, customers, and America.

Another focus area involves anticipating risks associated with emerging technologies. How is JCDC working to decrease the likelihood and impact of AI-related threats and vulnerabilities to critical infrastructure?

JCDC and CISA have developed a roadmap for AI. It’s a comprehensive plan aligned with the national AI strategy to ensure robust protection against cyber threats and deter malicious use of AI while still promoting its beneficial uses. CISA and the United Kingdom’s National Cyber Security Centre (NCSC) have recently taken a significant step. They released Guidelines for Secure AI System Development, developed with 21 other global agencies, including members of the Group of 7 major industrial economies. These guidelines are centered around Secure Design and serve as a blueprint for developers to make informed cybersecurity decisions throughout the AI system’s development, deployment, and operation.

Looking beyond 2024, what are JCDC’s long-term goals, and what challenges do you foresee in the evolving cyber threat landscape?

JCDC was established to bring together private sector and government partners to address urgent cybersecurity risks and to pioneer forward-looking proactive planning. Extending the scope and intensity of collaboration between industry and government partners will continue to be the goal. However, confronting the increasingly complex and anticipatory cyber threats, not just the immediate ones, will be a significant focus moving forward.

Challenges in the evolving cyber threat landscape include the rapid pace of technological change, the sophistication of cyber adversaries, the interconnected nature of global networks, and the need for adaptive and agile cybersecurity strategies to stay ahead of emerging threats.