Government , Industry Specific

CISA's Flagship Cyber Collaborative Faces Growing Criticism

US Joint Cyber Defense Collaborative Suffering From 'Growing Pains,' Experts Say
CISA's Flagship Cyber Collaborative Faces Growing Criticism
The U.S. federal government's Joint Cyber Defense Collaborative hasn't been an unqualified success. (Image: Shutterstock)

The U.S. Cybersecurity and Infrastructure Security Agency is failing to use a flagship information-sharing collaborative meant to fuse public and private sector cybersecurity efforts, experts testified Tuesday.

See Also: GovExec: Pillars of Modernization

CISA launched the Joint Cyber Defense Collaborative in 2021 to recruit service providers, infrastructure operators and cybersecurity companies into helping the agency develop and coordinate cyber defense operations and drive collaboration between the federal government and private industry. Three years later, the collaboration - which includes the FBI and NSA as well as tech giants such as Verizon, Google and Microsoft - is suffering through "growing pains," according to Robert Lee, CEO and co-founder of the cybersecurity firm Dragos, a participant in the JCDC.

"The reality is: We're not seeing a lot of success out of [the JCDC] currently," Lee told the House Homeland Security cybersecurity subcommittee.

The criticism comes amid reports that the JCDC is effectively stalled and that program participants are expressing concerns over the increasing political polarization of CISA's election security efforts. A government watchdog urged CISA to improve threat information sharing and stakeholder engagement a year after the agency launched the JCDC, and stakeholders told the Government Accountability Office they require "additional information related to the threats specific to their regions and local infrastructure."

In a statement sent to Information Security Media Group, Eric Goldstein, CISA's executive assistant director, hailed the JCDC for building "a new model of persistent collaboration" with more than 200 companies participating across its platforms. Goldstein said the JCDC has produced nearly 50 advisories that reflect industry input and has led "multiple joint planning efforts to address our most significant risks."

"Building partnerships is often complicated, and we're continually working to optimize this model," Goldstein said. The agency is "seeking and incorporating feedback at every turn."

"We're proud of what we've accomplished over the past three years, and even more excited for our shared achievements yet to come," he added.

Marty Edwards, deputy chief technology officer for the security firm Tenable, testified that CISA's information-sharing partnerships with the private sector are "fairly young" programs with room for improvement. An industrial control systems joint working group the JCDC launched to promote collaboration in securing domestic industrial control systems "needs additional shepherding," he said.

"There's no doubt that the JCDC provides some significant value," Edwards said. "We're eager to continue to work with CISA and all of our partners at the table to improve [the JCDC]."

About the Author

Chris Riotta

Chris Riotta

Managing Editor, GovInfoSecurity

Riotta is a journalist based in Washington, D.C. He earned his master's degree from the Columbia University Graduate School of Journalism, where he served as 2021 class president. His reporting has appeared in NBC News, Nextgov/FCW, Newsweek Magazine, The Independent and more.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.