At a glance.
- US announces formation of the Joint Cyber Defense Collaborative (JCDC).
- The US Coast Guard's new cyber strategy.
- Are ransomware gangs showing signs of fear? (It's unclear.)
- Metaphors of conflict and rules of cyberwar.
CISA announces formation of a Joint Cyber Defense Collaborative (JCDC).
This morning CISA announced that it was forming a Joint Cyber Defense Collaborative (JCDC). The JCDC will be an interagency Federal partnership, a cooperative effort with state, local, tribal, and territorial governments, and, of course, a public-private partnership. Their media advisory explained:
"CISA is establishing the JCDC to integrate unique cyber capabilities across multiple federal agencies, many state and local governments, and countless private sector entities to achieve shared objectives. Specifically, the JCDC will:
- "Design and implement comprehensive, whole-of-nation cyber defense plans to address risks and facilitate coordinated action;
- "Share insight to shape joint understanding of challenges and opportunities for cyber defense;
- "Implement coordinated defensive cyber operations to prevent and reduce impacts of cyber intrusions; and
- "Support joint exercises to improve cyber defense operations.
“'The JCDC presents an exciting and important opportunity for this agency and our partners – the creation of a unique planning capability to be proactive vice reactive in our collective approach to dealing with the most serious cyber threats to our nation,' said CISA Director Jen Easterly. 'The industry partners that have agreed to work side-by-side with CISA and our interagency teammates share the same commitment to defending our country’s national critical functions from cyber intrusions, and the imagination to spark new solutions. With these extraordinarily capable partners, our initial focus will be on efforts to combat ransomware and developing a planning framework to coordinate incidents affecting cloud service providers.'”
"The initial industry partners that are participating in the JCDC include Amazon Web Services, AT&T, Crowdstrike, FireEye Mandiant, Google Cloud, Lumen, Microsoft, Palo Alto Networks, and Verizon. This is only the beginning, as the JCDC will strive to include private sector and SLTT partners from across sectors as our focus areas expand. Government partners include the Department of Defense, U.S. Cyber Command, the National Security Agency, the Department of Justice, the Federal Bureau of Investigation and the Office of the Director of National Intelligence, with Sector Risk Management Agencies joining the effort as we move forward.
The Wall Street Journal sets the JCDC's formation (announced at Black Hat) in the context of recent cyber threats and the US Administration's responses to them, One of the JCDC's private-sector partners, CrowdStrike, emailed us comment from the President of CrowdStrike Services, their CSO, Shawn Henry:
“CrowdStrike is proud to be an alliance partner, and we’re excited to bring our unique expertise to the table on day one. The JCDC will create an inclusive, collaborative environment to develop proactive cyber defense strategies, as well as the ability to implement coordinated operations to prevent and respond to cyberattacks. Continued collaboration between industry and government is critical to thwart today’s sophisticated attacks, and CISA’s initiative to bring the most relevant stakeholders together to defend national security is admirable. CrowdStrike is looking forward to partnering on this critical endeavor.”
USCG’s new cyber strategy.
FedScoop describes the US Coast Guard’s (USCG) updated Cyber Strategic Outlook, a vision first developed in 2015. Among the upcoming changes are additional cyber teams and a new emphasis on defending USCG IT and maritime commerce technology. The service’s 2020 IT modernization project is a distinct but complementary initiative.
Russian cybercriminals’ evolving codes of conduct?
The Record reports hope in the Biden Administration that Russia and the US are progressing towards an understanding of cyber red lines following suspected DarkSide heir BlackMatter’s pledge to avoid critical infrastructure. (BlackMatter told the Record they “will not allow [their] project to be used to encrypt critical infrastructure, which will attract unwanted attention.”)
In reviewing recent noises out of Moscow, Deputy National Security Advisor for Cyber Anne Neuberger noted, “We think we’re seeing a commitment, and we will look to see the actions that follow on that commitment…the proof will be in the pudding.” She said the Administration understood BlackMatter’s promise “as evidence, or perhaps as a sign,” reflecting President Biden’s Geneva warning.
While Neuberger expressed some satisfaction with the growing consensus against Russian cyber mischief, she said work remains to be done on the Beijing front.
Cold Wars, Pearl Harbors, the spectrum of conflict, and the rules of (cyber) war.
Naval information warfare and intelligence leader, Vice Admiral Jeffrey Trussler remarked at a Tuesday speaking engagement, according to Seapower, that “we ought to be having one of those Pearl Harbor moments without the Pearl Harbor” in the near future. He noted the increasingly personal impact of cyberattacks, and called for greater partnership with industry innovators as the Coast Guard rolls out its new cyber strategy. Transportation Department official Karen Van Dyke worried at the same event that GPS is an easy and tempting target, and Deloitte cyber risk manager Ryan Roberts argued for automating security decisions, since eventually “humans are not going to be able to respond quickly enough.”
ZDNet says the cyber cold war is here, and regions like Lithuania and the EU are sharpening their digital swords in regular war games. The EU is also stockpiling diplomatic tools and hardening its defenses through broad regulation that ensures baseline security standards across the bloc.
TechBeacon takes up the question of when cyberattacks qualify as armed attacks and how they fit into existing international agreements, topics NATO attempted to address in the Tallinn Manuals with what the author sees as limited success. (Tallinn 3.0 is expected in 2026.) Major players Russia, Iran, China, North Korea, and Israel sat out the discussions, and ambiguous cases remained ambiguous.
The next norm frontier may concern space attacks, given the US, UK, France, and Germany’s budding space force initiatives, and nations’ game theory compulsion to build first. Natural disincentives stemming from debris—described by astrophysicist Donald Kessler in 1978—should discourage kinetic attacks, leaving interested parties to take up space cyberspace norms.