CISA JCDC Will Focus on Energy Sector

The CISA ‘s Joint Cyber Defense Collective (JCDC) initiative is going to build operation plans for protecting and responding to cyber threats.

What comes to mind when you think of cyber criminals? Depending on who you ask, you’ll get a variety of answers. For some, a cyber criminal matches some of the Hollywood tropes: a person sitting alone in a dimly lit room, furiously mashing on a keyboard to steal information from a person or company.

Those days are behind us, however, as cybercrime is establishing itself as a business in and of itself. Cyber attack instances are steeply rising across all sectors, leaving even the FBI to issue a bulletin about business email compromise (BEC) – the $43 billion scam.

Taking note of the pervasive threat landscape, the US government has devoted more resources to building a team to protect citizens and businesses. This effort began with the 2018 establishment of the Cybersecurity and Infrastructure Security Agency (CISA), a Department of Homeland Security division.

Going one step further, in 2021, the CISA announced the formation of the Joint Cyber Defense Collective (JCDC), an initiative formulated to bring government and private industry representatives together to build operation plans for protecting and responding to cyber threats.

The JCDC has seen the benefits of collaboration for exigent risks (such as the heightened awareness and protection related to Russia’s invasion of Ukraine and the Log4Shell vulnerability) but sees a remaining gap when it comes to imminent risk. To address this gap, the JCDC is planning proactive measures for future cyber risks.

The backbone of this planning is the JCDC’s 2023 Planning Agenda. The aim of the Agenda is to leverage the expertise of public and private sector members to develop and launch defense plans focused on risk reduction.

2023 Planning Agenda

The inaugural 2023 Planning Agenda will focus on three key topics:

Collective Cyber Response

JCDC will update the National Cyber Incident Response Plan in collaboration with the FBI, including outlying roles for non-federal units for incident response.

Systemic Risk

Cybercrime is a broad-reaching threat relevant to both individuals and organizations. The allure of a significant payday from successful cyber attacks on businesses means bad actors have a vested interest in innovation and taking substantial risks to reap their rewards. JCDC will map systemic risk and response by accounting for the following:

• Understanding inherent risks posed by open-source software used for industrial controls
• Reduce supply chain risk in critical infrastructure by employing remote monitoring, managed service, and managed security providers.
• Strengthen operational integration and collaboration with members of the energy sector.
• Enhance security and resilience, thereby mitigating risk to edge devices within the water sector.

High-risk Communities

Certain sectors are considered high-risk, and the JCDC will lead planning efforts with key stakeholders to form a cyber defense plan. These high-risk communities include civil organizations that support journalists, and cybersecurity researchers targeted by bad actors in foreign states.

Cyber Risk in the Energy Sector

Public utilities have been put to the test as attacks by bad actors have risen sharply in recent years. Q3 ‘22 saw a record number of attacks on the energy market, a trend that is not expected to slow down.

Threats to the utility sector were thrust into the spotlight in 2021 when the Colonial Pipeline was hacked by cybercriminals abroad. While the Colonial Pipeline incident was among the highest-profile utility hack, the power grid has come under attack as well.

In Moore County, North Carolina, a successful attack on an electrical substation left thousands of people without power for a week. Not long after, attackers targeted six stations in the Pacific Northwest. Couple these incidents with ongoing issues resulting from changing weather patterns, and it’s clear that utility infrastructure – physical and cyber – needs attention.

CISA has announced that the JCDC will launch planning efforts to scale support for state, local, tribal, and territorial entities. The priority will be to support small and midsize critical infrastructure and partner with governmental and private sector representatives to reduce risk and design a rapid response protocol in case of incidents.

JCDC admits that the level of proactive planning in their endeavor is new, and the organization has committed to transparency, communication, and being guided by input and feedback from contributing partners. Agility is paramount as JCDC learns and develops along the way while adjusting its approach to the changing cyber threat landscape.

About the Author: Michael Sanchez, CEO (CISA), has over 35 years of experience in information technology, cybersecurity, physical security, risk, compliance, and audit. He is the former head of Commercial Cybersecurity and Compliance for a large global management consulting firm and is experienced in successfully scoping and advising on projects of all sizes and complexity.  In other past roles, Michael managed IT and OT for a $12-billion energy corporation, assisted in the IT rebuild and redesign for a large power generation company, and served for 12 years as a board member for FBI InfraGard Houston, helping to facilitate the sharing of information related to domestic physical and cyber threats.  He currently serves on two ASIS International steering committees (Utilities Security and Critical Infrastructure) and is a member of the Forbes Technology Council.

Please vote for Security Affairs (https://securityaffairs.com/) as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS
Vote for me in the sections:

• The Teacher – Most Educational Blog
• The Entertainer – Most Entertaining Blog
• The Tech Whizz – Best Technical Blog
• Best Social Media Account to Follow (@securityaffairs)

Please nominate Security Affairs as your favorite blog.

Nominate here: https://docs.google.com/forms/d/e/1FAIpQLSfaFMkrMlrLhOBsRPKdv56Y4HgC88Bcji4V7OCxCm_OmyPoLw/viewform

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, CISA)