The Cybersecurity and Infrastructure Security Agency’s (CISA) Joint Cyber Defense Collaborative (JCDC) said this week it will focus on three main priority areas in 2023: systemic risk, collective cyber response, and high-risk communities, according to its 2023 Planning Agenda released on Jan 26.
The planning agenda marks the first time the government and private sector will “develop and execute cyber defense plans” with specific risk reduction goals and more focused collaboration efforts, according to CISA Executive Assistant Director for Cybersecurity Eric Goldstein.
“This level of proactive planning is new; we’ll learn as we go, and we’ll be transparent about our successes and our continued areas of growth, informed as always by the input and feedback from each of our partners in this critical work,” he wrote in a blog post.
Malicious cyber actors continue to target single points of failure in critical infrastructure to gain access. If these actors compromise “lifeline” functions like electrical and water, it could result in cascading impacts and severe impacts to critical infrastructure.
In the 2023 Planning Agenda, the JCDC plans to gain insight to mitigate risks potentially posed by open-source software used in industrial control systems. In addition, the coalition will collaborate with small and medium-sized critical infrastructure entities to advance cybersecurity and reduce supply chain risk with remote monitoring and management, managed service providers, and managed security service providers.
The document also specifies that the JCDC plans to deepen its work with the energy sector in collaboration with the Department of Energy and provide better protection to edge devices used within the water sector, like meters and testing tools.
Collective Cyber Response
Over the years, the government and the private sector have worked together to advance processes and approaches to responding to cyber incidents. However, some plans and doctrines associated with cyber response are severely outdated.
On the 2023 agenda is work by JCDC to lead an effort to update the National Cyber Incident Response Plan (NCIRP), last updated in 2016.
The NCIRP describes a national approach to dealing with cyber incidents. The plan also addresses the role of the private sector, state and local governments, and multiple Federal agencies in responding to incidents and how their actions fit together for an integrated response.
“The updates will include articulating specific roles for non-Federal entities in organizing and executing national incident response activities,” Goldstein stated.
The update also will include changes and lessons learned since the release of the 2016 NCIRP.
Critical infrastructure is a prime target for malicious cyber actors. However, adversaries determined to undermine American values and interests “routinely target high-risk communities, such as civil society organizations that support journalists and cybersecurity researchers,” the agenda document states.
The Planning Agenda explains that the JCDC will strengthen protection for civil society organizations at higher risk of being targeted by foreign state actors through collaborative planning with key government and industry stakeholders.
“We will also maintain flexibility to undertake urgent planning efforts as the risk environment changes, recognizing that agility is foundational to our shared success,” Goldstein said.