Shaping the legacy of partnership between government and private sector globally: JCDC

Since 2021, industry and government have come together to forge persistent, trusted relationships that address our nation’s most urgent cybersecurity risks and drive long-term, proactive cyber defense planning. For the Joint Cyber Defense Collaborative (JCDC), collaboration isn’t just an element of our name, it guides everything we do: JCDC’s mission is to unite the global cyber community in the collective defense of cyberspace. 

I’m immensely proud of how far we’ve come, how we’ve navigated challenges hand in hand with partners, and how we’ve operationalized the fundamental belief that we are stronger and more capable together. 

On this third anniversary, I want to recognize JCDC’s partners and supporters across the U.S. government, industry, and the globe—our teammates. You stand in the arena with us and face our most challenging adversaries with agility and resolve. Since our earliest days, beginning with the rapid response to the Log4Shell vulnerability, coordinated actions against the Daxin malware, and to establish Shields Up, we have matured and evolved this partnership.

Currently, JCDC has welcomed more than 340 partners from industry and established over 40 collaboration channels. The vast majority of CISA’s cybersecurity advisories, guides, white papers, and fact sheets published in the last three years included actionable insights and expertise from JCDC partners. JCDC has shared a multitude of artifacts for joint analysis, coordinated cyber defense plans for three ongoing major geopolitical conflicts, and collaboratively executed a dozen other cyber defense plans. 

Some examples of JCDC efforts include the Pipelines Cyber Defense Planning Effort that led to new technical guidance and cooperation for owners, operators, and vendors. The Remote Monitoring and Management Cyber Defense Plan implements a clear roadmap to advance the security and resilience of vendors. JCDC shared key insights for joint products on the People’s Republic of China (PRC) state-sponsored Volt Typhoon cyber threat activity and techniques, which continues to shape the public-private response. Helping to support an administrative initiative, the high-risk communities webpage assembles a wide range of free industry and government resources for civil society organizations at heightened risk of being targeted by cyber threat actors because of their identity or work.

Recently, JCDC.AI spearheaded an AI tabletop exercise where more than 50 experts met to develop effective and coordinated responses to AI security incidents. Participants worked through operational considerations and information-sharing protocols for collaboration during a simulated cybersecurity incident involving an AI-enabled system. From this exercise, JCDC.AI is developing a first-of-its-kind AI Security Incident Collaboration Playbook that will lay the foundation for deeper partnership. 

Like any new team, JCDC has had some growing pains as we evolve, and as we bring in new teammates and learn how to collaborate to address evolving threats and emerging technology. Our JCDC core values of community, initiative, ingenuity, impact, and trust continue to propel this unique partnership between government and the private sector, powering an impact that is greater than its parts. I’m grateful for the contributions and capabilities of every part of JCDC and the ever-growing impact we’re having together. We’re not homogenous, and it’s not always harmonious, but it is the collective willingness to unify and operate with clarity of purpose that empowers JCDC to tackle today’s sophisticated cyber threat challenges.

As we look ahead to JCDC 2024 priorities and beyond, I’m excited about the continued potential of JCDC to drive collective cyber defense, and I can’t wait for what comes next. 

JCDC is a public-private cybersecurity collaborative that leverages new authorities granted by Congress in the 2021 National Defense Authorization Act to unite the global cyber community in the collective defense of cyberspace. CISA welcomes all critical infrastructure organizations and entities with cybersecurity expertise and visibility to participate in our collaboration efforts. For further information about JCDC, visit cisa.gov/jcdc or email cisa.jcdc@cisa.dhs.gov.