United in Cyber Defense: A Model for Operational Collaboration

By Executive Assistant Director for Cybersecurity, Jeff Greene

At CISA, collaboration is the foundation of our mission. In our interconnected world, securing our nation’s critical infrastructure requires the collective effort of government, private sector, and international partners. 

Operational collaboration is the engine driving these efforts. Done right, it brings together partners from diverse backgrounds to achieve what no single entity could accomplish alone. This broad network of expertise allows us to understand and share the best threat information, strategic guidance, and cybersecurity practices that address risks at scale. In addition to synchronizing the national response to major cyber incidents and campaigns, these partnerships also enable better prevention, resilience, and long-term defense. 

Ongoing Information Exchange and Outreach 

Our collaboration efforts are field tested almost every day. From the geopolitical tensions surrounding Russia’s invasion of Ukraine and the early 2024 vulnerabilities in Ivanti Connect Secure and Policy Secure Gateways, to the CrowdStrike global outage and ongoing campaign activity from malicious cyber actors affiliated with the People’s Republic of China, collaboration across the public and private sectors has been a game changer for homeland defense. In each situation, we worked side by side with partners to share information and actionable guidance to help unify our collective defense against cyber threats. For instance, in advance of Russia’s invasion of Ukraine, CISA launched the Shields Up campaign to help prepare our industry, state, and local partners for potential threats. We began a comprehensive outreach campaign that included dozens of classified and unclassified briefings and produced several joint advisories, alerts, and other information products. We exchanged critical technical information with key partners to ensure they were prepared to protect their systems from potential Russian state-sponsored cyber activity. Separately, when dealing with the Ivanti vulnerabilities, our collaboration resulted in the publication of novel threat information, which we released in a Cybersecurity Advisory that included input from several private sector partners.

Beyond high-profile campaigns, our day-to-day collaboration produces tangible results. We work closely with experts to address systemic vulnerabilities, respond to ongoing threats across multiple platforms, and share indicators of compromise and tactics, techniques, and procedures related to malicious activity and actors. This information sharing helps CISA and our partners proactively identify risks, coordinate responses, and develop mitigation strategies. Daily collaboration with our partners has also made it possible for us to stall or circumvent malicious activity, as seen during the ESXiArgs ransomware campaign when CISA released a recovery script for entities encrypted by the threat actor.

Sharing Critical Cybersecurity Insights: Advisories, Alerts, and Publications

Working with our partners, CISA has led the global community into a new model for producing world-class cybersecurity guidance. Leaning on operational collaboration through the Joint Cyber Defense Collaborative (JCDC), our joint products deliver timely, authoritative, and actionable information and resources for cyber defenders.  

In 2024, CISA released over 1,300 products, including cyber defense alerts, advisories, and other content. Over 90% of our Cybersecurity Advisories were jointly sealed with our partners. Notably, through the JCDC we co-sealed products with a number of new CISA partners, including the Czech Republic, Poland, Ukraine, Estonia, Finland, and Sweden. With our NSA and FBI partners, we were also able to co-seal documents and further our already robust collaborative efforts with our cybersecurity counterparts in the UK, Canada, Australia, New Zealand, Germany, the Netherlands, Japan, Singapore, and France, among others. These publications provide organizations with critical insights and actionable recommendations to bolster the defenses of critical infrastructure worldwide.

Driving Cyber Resilience Through Prevention 

Our partnerships make it possible for us to enhance our collective cyber posture by focusing on preparedness and prevention efforts. Through CISA-led tabletop exercises and technical exchanges, as well as the development of cyber defense plans, we have been able to raise the collective cyber posture across sectors. We routinely lead technical exchanges with our partners to harmonize public and private responses to complex threats, like countering ransomware actors or thwarting advanced persistent threat campaigns. We also hosted six technical exchanges and led two tabletop exercises in 2024 alone with the open-source software (OSS) community. The tabletop exercise was created by CISA after the CISA OSS Security Summit in March and put to the test for a second time at the Apache Foundation’s Community Over Code conference in October.  

Furthermore, since 2021, CISA has completed the development of 12 cyber defense plans tailored to specific risks, including:

  • Remote Monitoring and Management (RMM) Security: Partnering with industry experts, we worked to create an RMM Cyber Defense Plan to enhance the security of RMM tools, which are widely used in IT infrastructure. These efforts focused on improving detection capabilities and securing the remote management tools that are critical to many organizations’ operations.
  • Cyber Defense for Geopolitical Crises: In collaboration with federal agencies and industry partners, we developed cyber defense plans tailored to specific geopolitical risks, such as conflicts involving Israel and threats tied to China. These plans provide a framework for organizations to safeguard their operations during times of heightened international tension and work with government partners in unified response.
  • Artificial Intelligence (AI) Security: More than 150 AI and cybersecurity experts from government, industry, and critical infrastructure participated in two tabletop exercises to simulate and address AI-security incidents, providing critical insights that shaped the playbook. Recognizing AI’s transformative potential and inherent risks, we launched an initiative culminating in the AI Cybersecurity Collaboration Playbook—a practical guide for public and private organizations facing AI-driven cyber incidents. 
  • OSS Security: Using the lessons learned from the aforementioned Open-Source technical exchanges and tabletop exercises, we developed an Open Source Software Security Roadmap to foster public-private collaboration to address OSS vulnerabilities and enhance the security of widely used software, guiding stakeholders toward best practices that protect both developers and end users.

These joint initiatives are not isolated efforts but part of an ongoing strategy to ensure that cyber defenses evolve in tandem with the threat landscape. You can visit our Success Stories webpage to read more examples of how our collaboration with partners is leading to actionable insight and tangible results.

Empowering Communities with Cybersecurity Resources

CISA’s commitment to collaboration also extends to include regional engagement. Our field teams, which include cybersecurity, protective security, and election security advisors, are embedded across the nation, offering support and services directly to state and local organizations.

In 2024, more than 2,300 organizations took part in our Cyber Hygiene program, which includes services like vulnerability scanning, cyber hygiene, assessments, and training programs. These programs help organizations, from small businesses to critical infrastructure operators, bolster their security measures and build resilience from the ground up. 

The strength of our partnerships is our greatest asset. None of our achievements would be possible without the dedication and trust of the organizations and individuals we work with. Together, we are building a more secure cyber ecosystem, ensuring the safety and resilience of the critical infrastructure that powers our daily lives.

DISCLAIMER

The information in this blog post is being provided “as is” for informational purposes only. CISA does not endorse any commercial entity, product, company, or service, including any entities, products, or services linked within this document. Any reference to specific commercial entities, products, processes, or services by service mark, trademark, manufacturer, or otherwise, does not constitute or imply endorsement, recommendation, or favoring by CISA.