JCDC Success Stories
In its short history, JCDC has unified cyber defense between industry and government to improve information sharing, planning efforts for large-scale cyber events, and collaboration on enhanced cyber threat guidance. This collaboration has allowed us to enhance the way government and industry work together to coordinate on cyber operations, ensuring that actions are informed and actionable. Examples include improving information sharing and threat mitigation, coordinating on cyber playbooks, expediting updates to the Known Exploited Vulnerabilities Catalog, as well as jointly developing alerts and advisories to better inform and protect the cyber community on cyber threats and vulnerabilities, threat actor tactics, and detection and mitigation guidance.
See below to learn about other notable examples of JCDC’s operational collaboration leading to real insight and action.
Ahead of the 2024 Olympic and Paralympic Games in Paris, JCDC supported CISA’s proactive steps to strengthen U.S. private sector connections and increase information sharing to counter potential cyber threats. To further promote cybersecurity during the Games, CISA connected U.S. Olympic-affiliated industry partners with key French counterparts. CISA also established monitoring channels and launched cyber threat information-sharing forums in the event of a significant cyber incident. JCDC industry partners remained vigilant throughout the Games to alert CISA to any potential impacts to Olympic and Paralympic activities, which CISA could then promptly share with the French Agence Nationale de la Sécurité des Systèmes d'Information (ANSSI) for action.
This collaboration and information sharing between CISA, JCDC partners, and ANSSI embodies JCDC’s mission of uniting the global cyber defense community in the collective defense of cyberspace. This partnership further demonstrates the value of voluntary information sharing to build trust and collectively safeguard critical infrastructure in a rapidly evolving threat landscape. We commend ANSSI for their hard work in defending this historic event and we are committed to strengthening our global partnerships.
On July 19, 2024, an IT outage due to a CrowdStrike software update impacted government, critical infrastructure, and industry across the globe—disrupting airline flights, hospital operations, banking transactions, and more. CISA collaborated closely with CrowdStrike, a JCDC partner, to share information about the outage. Supported by JCDC, CISA and CrowdStrike quickly met with over 1,000 federal agency representatives virtually to provide mitigation guidance, warn of the potential for malicious actors to exploit the outage, and answer questions. JCDC’s ability to rapidly convene industry and government partners enabled CrowdStrike to disseminate key information that helped expedite mitigation efforts for affected U.S. government systems.
JCDC partners contributed substantial support, technical insights, and key findings to three significant guidance documents CISA published as part of our Volt Typhoon cyber defense planning initiative earlier this year. CISA assesses that Volt Typhoon, a People’s Republic of China (PRC) state-sponsored cyber threat group, seeks to compromise and maintain access to U.S. critical infrastructure, using living off the land (LOTL) techniques to pre-position itself on IT networks for disruptive or destructive cyberattacks against U.S. critical infrastructure.
On February 7, 2024, CISA published the joint Cybersecurity Advisory (CSA) PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure and supplemental joint guidance Identifying and Mitigating LOTL Techniques. The CSA provides an overview of Volt Typhoon activity and urges organizations to implement the identified mitigations. The joint guide provides network defenders information on how to hunt for Volt Typhoon LOTL infiltration of their systems. On March 19, 2024, CISA also released a supplemental fact sheet, PRC State-Sponsored Cyber Activity: Actions for Critical Infrastructure Leaders, with tailored, digestible guidance for leaders of critical infrastructure organizations.
CISA developed these products to bolster nationwide efforts to combat Volt Typhoon operations, consistent with one of JCDC’s 2024 priorities: defend against advanced persistent threat operations. These products generated broad interest, as evidenced by web traffic. The February CSA was CISA’s most viewed advisory in the first half of 2024, and the fact sheet received the most views in its product line for the first three months of its release.
Countering Volt Typhoon’s effort to infiltrate the nation’s critical infrastructure is a top priority for CISA, and JCDC partners have strengthened our ongoing cyber defense planning efforts with their expertise and commitment to operational collaboration.
In April 2024, CISA launched the High-Risk Communities webpage to bolster the digital security of communities that advance democracy and human rights. The product of a year-long planning effort between over 45 industry, interagency, and civil society partners, this new webpage includes a suite of cyber hygiene guides for non-technical users, a collection of cybersecurity tools and services, and information on cyber volunteer programs targeted for high-risk communities. Through this effort, CISA and JCDC are not only raising the cybersecurity baseline by extending cybersecurity resources to under-resourced communities (who play a critical role in advancing democracy), but also forging new partnerships with a diverse array of civil society and industry participants that contribute to the cyber ecosystem. These partnerships are a critical part of JCDC’s mission to unite the global cyber community in the collective defense of cyberspace.
What JCDC Participants are saying
“Collaborating with JCDC, we recognize a unique and profound responsibility that extends beyond our corporate boundaries. This public-private partnership is not just an opportunity to enhance national cybersecurity; it’s a commitment to protect and support high-risk and vulnerable communities, including human rights groups, journalists, and dissidents.” – Authentic8
“When JCDC reached out to us about an initiative focused on protecting vulnerable communities online, we were excited to help make resources more accessible from a trusted voice… We hope that other governments can see these efforts on providing protections to vulnerable communities as a model for effective collaboration.” – Cloudflare
Since March 2023, JCDC participants have engaged in collaborative planning to address risks posed by threat actors to remote monitoring and management (RMM) platforms. RMM software continuously monitors a machine or system’s status and health and enables remote administrative functions. Threat actors exploit RMM platforms to gain footholds into servers and customer networks, including small and medium-sized organizations that support our national critical infrastructure.
JCDC participants, including 11 industry participants (ANB Bank, CNWR Inc, ConnectWise, Corporate Information Technologies, CompTIA Information Sharing and Analysis Organization, CyberRx, ISC2 Inc, Huntress, Kaseya, N-able, and the Open Group) and three federal participants (Department of Homeland Security, Department of Treasury, and the Office of the Director of National Intelligence) contributed to the JCDC RMM Cyber Defense Plan (published in August 2023). The plan encourages collective action across the RMM community to enhance information sharing, increase visibility, and fuel creative cybersecurity solutions. Moreover, it focuses on educating RMM end-user organizations on the risk to RMM infrastructure while providing guidance on how to promote security best practices moving forward.
In February 2024, JCDC participants shared evidence of active exploitation of ConnectWise’s ScreenConnect product with CISA, triggering early coordination with the private sector that led to CISA adding CVE-2024-1709 to the Known Exploited Vulnerabilities Catalog.
JCDC’s RMM planning efforts also resulted in:
- the development of a new data normalization process for RMM vendor partners to enhance digital forensics and incident response in coordination with CISA;
- increased awareness of and registration in CISA’s free cybersecurity services; and
- new Secure by Design pledge signatures from RMM entities.
Although the formal planning effort concluded in April 2024, an enduring operational community will ensure JCDC participants and the RMM community continue to organize and support efforts that raise the cybersecurity baseline for RMM platforms and safeguard against preventable intrusions.
Earlier this year, CISA marked its first anniversary of the Secure by Design initiative, the agency’s effort to shift more responsibility for security from end users to technology manufacturers. The initiative’s inaugural joint guide, Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Security-by-Design and -Default, and its subsequent update, were shaped by inputs from hundreds of JCDC participants and others, including individuals, companies, and trade associations. These resources emphasize the importance of integrating security measures during the initial development of widely used software. Following the update in October 2023, the Secure by Design initiative has yielded six Alerts, focusing on topics such as directory traversal vulnerabilities, eliminating default passwords, small office/home office routers, and Structured Query Language (SQL) injection vulnerabilities. Additionally, more than 140 of the world’s leading software manufacturers have committed to designing products with greater security built in through signing CISA’s pledge.
CISA, JCDC participants, and pledge signees are raising the cybersecurity baseline by actively promoting a cultural shift within the software industry through the Secure by Design initiative. The goal is for manufacturers to prioritize the development of technology products that are secure out of the box, which can help protect against attempts by malicious cyber actors to gain access to devices, data, and connected infrastructure.
The success of this initiative exemplifies JCDC’s dedication to enrichment and the timely development of other joint cybersecurity guides, advisories, and alerts. These resources benefit cybersecurity experts, organizations, and the broader community by providing measurable and actionable recommendations for making software secure by design. Visit Secure by Design to learn more about the initiative’s principles, stay informed on the latest Alerts, or take the Secure by Design Pledge.
In response to the exploitation of multiple vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure gateways by different cyber threat actors, Ivanti, Volexity, and Mandiant collaborated with CISA, resulting in the release of a February 2024 joint Cybersecurity Advisory. CISA led red team testing of at-risk Ivanti devices to deliver unique insights into the validity of the vendor’s guidance and integrity checker tooling. Additionally, CISA released Secure by Design principles for edge device vendors. The coordination between JCDC public and private sector participants placed timely updates in the hands of our nation’s cyber defenders (especially federal, state, local, tribal, territorial, and critical infrastructure entities), assisting with defense operations against advanced persistent threats. Notably, the teamwork between industry and government led to CISA releasing multiple publications on the exploitation of common vulnerabilities and exposures, as well as providing notifications to vulnerable entities. This coordinated response highlights the real-world impact of bi-directional information sharing and underscores how contributions from industry are instrumental in defending our national cyberspace from emerging and evolving threats.
JCDC participants shared valuable feedback on CISA’s joint Secure by Design product, “Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Security-by-Design and -Default.” This collaborative product incorporated inputs from hundreds of JCDC participants, including individuals, companies, and trade associations, as well as JCDC participants who attended a JCDC focus group at DEFCON 2023. Initially published in April 2023, this product was one of 254 unique CISA products shared with JCDC participants and international partners in 2023.
In October 2023, CISA and 17 other U.S. and international organizations, including the Federal Bureau of Investigation (FBI) and National Security Agency (NSA), published an updated version, “Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Secure by Design Software.” The updated version included contributions from multiple JCDC participants and emphasized the need to prioritize designing security measures during the initial development process of widely used software. JCDC participants, together with CISA, are actively involved in promoting a cultural shift within the industry to emphasize building robust technology products to reasonably protect against malicious cyber actors’ attempts at gaining access to devices, data, and connected infrastructure. This product is an example of JCDC’s dedication to joint enrichment and development of timely cybersecurity guides, advisories, and alerts to benefit cybersecurity experts, cybersecurity organizations, and the broader community.