joint cyber defense collaborative (JCDC) (noun)
Rick Howard: The word is: JCDC.
Rick Howard: Spelled: J for joint, C for cyber, D for defense, and C for collaborative.
Rick Howard: Definition: A cyber information sharing U.S government organization designed to foster the public private partnership.
Rick Howard: Example sentence: Congress mandated CISA stand up the JCDC to create an interagency hub where companies can work with the government to both plan for potential cyber threats and work together to respond to large scale attacks.
Rick Howard: Origin and context: Created by the U.S Government’s Cybersecurity and Infrastructure Security Agency, CISA, in 2021, the Joint Cyber Defense Collaborative JCDC is a public private volunteer cyber security initiative whose members include government, industry, and academia. Its mission is to unify cyber defenders worldwide, to drive down risk, and strengthen the nation's cyber posture. Jen Easterly, the CISA director at the time, created the organization and outlined four strategies. Information sharing about best practices, cyber defense plans coordination, joint cyber exercises, and new cybersecurity technology development.
Rick Howard: Early JCDC success stories center around how the U S government coordinated the national response to the log4j crisis at the end of 2021 and the potential cyber activity resulting from Russia's full scale invasion of Ukraine early in 2022, that said, there has been some criticism. Journalists point to the existence of many other cyber information sharing organizations that the government either runs itself or as a primary partner. And that doesn't even include the roster of other ISACs, Information Sharing and Analysis Centers, ISAOs, Information Sharing and Analysis Organizations, and FIRSTS, Forums of Incident Response and Security Teams, that run independently. Couldn't CISA just plug into one of those? Did the U.S government really need another one? And since there is no clear charter or criteria for membership, the purpose of the JCDC is ambiguous compared to other information sharing organizations, with that in mind, in 2023, CISA published the JCDC planning agenda that includes projects for reducing systemic risk, collective cyber response, and the defense of high risk communities.
Rick Howard: Nerd reference: In 2021, the current CISA director Jen Easterly addressed members of the National Technology Security Coalition, NTSC, and talked about the JCDC initiative.
Jen Easterly: As some of you might know, we recently launched what we call the Joint Cyber Defense Collaborative, or JCDC. This was established as part of the NDAA, as a Joint Cyber Planning Office. I didn't want to call it the JICPO, because it didn't sound very good, and JCDC is actually more appropriate and sounds cooler. It's uniquely the only federal cyber entity that by statute brings together the talents, the authorities, the capabilities of the federal cyber ecosystem. So CISA, but NSA and FBI and Cybercom and the Department of Defense and the Office of the Director of National Intelligence, together with the incredible power of industry to create a common operating picture of the threat environment, to enable us to plan and exercise against the most serious threats to our nation, and then to implement coordinated whole of action cyber defense plans. So the idea is to create a proactive capability for the government and the private sector to work together closely before an incident occurs.
Rick Howard: Word Notes is written by Rick Howard, executive produced by Peter Kilpe, and edited by John Petrik. The mix, sound design, and original music have all been crafted by the ridiculously talented Elliott Peltzman. We're privileged that N2K and podcasts like WordNotes are part of the daily intelligence routine of many of the most influential leaders and operators in the public and private sectors, as well as the critical security teams supporting the Fortune 500 and many of the world's preeminent intelligence and law enforcement agencies. N2K strategic workforce intelligence optimizes the value of your biggest investment, people. We make you smarter about your team while making your team smarter. Learn more at N2K.com and thanks for listening.