The Cybersecurity and Infrastructure Security Agency (CISA) issued 2024 Priorities today for its Joint Cyber Defense Collaborative (JCDC) – aligning its priorities for the first time under three focus areas to help establish resources required and strategic direction.
The JCDC – established by Congress in 2021 – aims to reduce cyber risk through continuous operational collaboration between trusted partners in the public and private sectors.
“Today, we’re glad to publish our 2024 Priorities,” Clayton Romans, the associate director of the JCDC wrote in a blog post on Monday. “These priorities will further expand the breadth and depth of our partnership to tackle more challenging, forward-leaning cyber risks that could evolve in the future, not just the immediate risks.
“To be clear, JCDC in this context is not a specific team or organization; it represents the collective group of industry and government partners drawn together to drive positive change for our nation’s cybersecurity,” Romans added.
The three focus areas include: Defend Against Advanced Persistent Threat (APT) Operations, specifically those that target critical infrastructure sectors; Raise the Baseline, referring to improving the cyber posture across critical infrastructure entities; and Anticipate Emerging Technology and Risks, such as AI-related threats.
The six JCDC priorities, aligned with the three focus areas, call out specific topics for increased attention:
- Discover and defend against malicious abuse by APT actors, particularly those backed by the PRC, on and against U.S.-based infrastructure;
- Prepare for major cyber incidents;
- Help provide state and local election officials with information and tools to help secure their networks and infrastructure against cyber threats as part of CISA’s broader election security efforts;
- Measurably decrease the impact of ransomware on critical infrastructure;
- Make measurable progress toward a world where technology is Secure by Design; and
- Decrease risk posed by AI to critical infrastructure.
CISA said the priorities are not the agency’s alone, but they reflect shared goals across the private and public sectors. The six priorities build on the JCDC’s 2023 Planning Agenda.
“I am incredibly proud of this collaborative team and what we have accomplished, overcoming many obstacles to meet the demands of the ever-evolving cyber threat landscape,” Romans said. “Through JCDC, CISA looks forward to furthering this work with our partners across government and private sector to tackle some of the most significant cyber risks facing our country in 2024.”
The 2024 Priorities come after top Federal IT experts last week said the JCDC holds a lot of promise, but is “still in its infancy” with program kinks to be worked out.
For instance, Jeff King, the principal deputy chief information officer at the Treasury Department, noted that the JCDC “may be spread across a lot of different initiatives where we need more distinct focus on specific things.”
The Department of Veterans Affairs’ Deputy Chief Information Security Officer and Executive Director of Information Security Operations, Jeff Spaeth, added that his agency would like to see faster information sharing from CISA’s JCDC.
“One of the things that we would like to see a little bit more of is when they get notified by some of these major vendors – and I’m not saying they don’t pass the information along, but sometimes it takes a while to get down – for some of that really in-depth technical pieces instead of, ‘Hey, this was a compromise,’” Spaeth said.
“I don’t think the theory of the JCDC is bad at all. I think it’s still in a very infantile state,” Spaeth added.
