Fortinet Inc.

03/08/2024 | Press release | Archived content

An Overview of the Joint Cyber Defense Collaborative Priorities

More than two years ago, CISA established the Joint Cyber Defense Collaborative (JCDC) to drive a unified effort across the public and private sectors by partnering in important areas ranging from incident response to building network and national cyber resilience. Each year, CISA and its partners in government and industry pool their insights, expertise, and perspectives to identify collective priorities for the coming year.

Fortinet is proud to be a member of the JCDC and to make a contribution that leverages its more than 20 years of cybersecurity leadership and expertise, including actionable threat research from FortiGuard Labs, the threat intelligence and research organization we established in 2005. FortiGuard Labs continuously monitors the worldwide digital attack surface using mature AI and machine learning (ML) technology to identify cyberthreats and generate actionable responses ranging from digital signatures for security tools to playbooks of adversarial activity for threat analysts. Our collaboration with JCDC is part of our work to help build resilience for individual users, organizations, critical infrastructure sectors, and globally.

Earlier this year, JCDC rolled out its 2024 priorities. The priorities outlined below align with the work Fortinet is doing internally and with partners such as the JCDC.

Defend against Advanced Persistent Threat Operations

During my career with the Office of the Director of National Intelligence, I helped write the intelligence community's annual bellwether description for the U.S. Congress and the public of the most significant threats to our nation's security. The 2023 Annual Threat Assessment outlines the key threats posed by malicious cyber actors, focusing on sophisticated and potentially destructive threats affiliated with the People's Republic of China. With this as the strategic context, it makes sense that JCDC's first priority is to help defend against advanced persistent threat (APT) operations to ensure that we are positioned to protect against destructive cyberattacks designed to cause real-world harm.

In my opinion, many have become complacent about the destructive potential of APT activity because of the lack of broad and visible impact from Russian cyberattacks in Ukraine. Much of the credit for this limited impact is due to Ukraine's skill in countering Russian cyber activity. Still, even while Russian attacks may have been less effective than predicted, every generation of their attack tools has become more sophisticated and automated. And cyber defenders elsewhere cannot rely on being as experienced as those in Ukraine, for whom the cyberattacks accompanying Russia's invasion in 2022 were more a continuation of a decade of destructive activity rather than something novel.

In addition to cyberattack capability, nation-states also have civilian intelligence agencies focused on gaining access and collecting information. The sophistication and clandestinity of these intelligence operations are the hallmarks of APT activity and differ markedly from cyber "shock and awe" attacks that may accompany kinetic operations on a battlefield. CISA and key partners in government and industry, including Fortinet, collaborated to produce an advisory in February 2024 focused on PRC-affiliated groups that blend the sophistication of access and persistent presence together with the potential to launch destructive attacks against U.S. and allied critical infrastructure. These actors maintain a low profile, using "living off the land" techniques and leveraging tools and capabilities already present in a target's IT environment for legitimate purposes rather than installing malware. Given the difficulty of detecting and eradicating such potentially destructive APT activity, it is understandable that JCDC's second priority is updating the National Cyber Incident Response Plan. This strategic-level document can help to harmonize individual organizational and sector cybersecurity and response plans.

Raise the Cybersecurity Baseline

The second JCDC priority is supporting investment in basic cybersecurity programs and practices within critical infrastructure. In particular, CISA has focused the JCDC on helping state and local election officials secure their networks and infrastructure against cyberthreats, on decreasing the impact of ransomware on critical infrastructure, and on making measurable progress toward a world where technology is secure by design and delivered to users in configurations that are secure by default. Fortinet is active in all three of these focus areas.

While the top-of-mind threats to election security now include the physical safety of election officials and detecting and countering mis-, dis-, and malinformation (MDM), cybersecurity remains an important focus area. Elections involve state and local government and typically rely on networks, databases, and secure connectivity provided by the private sector. Fortinet continues to work with election officials across the U.S. to help them secure the infrastructure and data they need to conduct free and fair elections.

Fortinet has numerous products and services that can help critical infrastructure organizations detect and counter ransomware. However, responding to ransomware after it is launched leaves cyber defenders in a reactive position. Fortinet is proud to have been one of the pioneers of Cyber Atlas, a collaborative effort to identify and locate members of the criminal cyber ecosystem, including ransomware groups. This enables governments and companies to move beyond "whack-a-mole" to more systematically disrupt and counter ransomware.

Fortinet's Carl Windsor described in a blog last year how secure by design and secure by default are the linchpins of Fortinet's secure product development life cycle.

Anticipate Emerging Technology and Risks

Improving the ability to anticipate risks brought by emerging technology is the third priority of JCDC. The JCDC focuses on working with the cybersecurity community to support accelerated innovation in cyber defense and reduce the risk posed to critical infrastructure by AI. AI and ML rely on data, and more specifically, on big data. While there are niches such as content generation for spear phishing or the MDM information threat to election security where AI asymmetrically favors the attacker, in general, the people who set up and defend a network are positioned to have more data about its operation than attackers approaching it as a black box. Through the JCDC, Fortinet works to share insight about AI-powered automation to help educate CISA and critical infrastructure owners about the art of the possible in cybersecurity.

Fortinet: a trusted partner for government and customers alike

While you may think of Fortinet largely as a provider of security and networking solutions, I have attempted to show in this blog that its focus is much broader. The JCDC is one of many partners we are proud to collaborate with, and we are committed to helping the JCDC accomplish these important priorities for 2024.