America enlists Big Tech to help it develop and execute cyber security plans
Players in ‘Joint Cyber Defense Collaborative’ include Microsoft, AWS, and Google
The United States' Cybersecurity and Infrastructure Security Agency (CISA) has announced the "standup" of a body called the "Joint Cyber Defense Collaborative" (JCDC) that it hopes will spark ideas for new and improved national responses against electronic threats.
The aim of the effort is to get the private sector working alongside government agencies, so they can develop and implement better cyber security plans than are currently in operation. It's also hoped the group will help "to unify defensive actions should an incident occur".
The organisation has therefore been given four jobs – namely:
- Design and implement comprehensive, whole-of-nation cyber defense plans to address risks and facilitate coordinated action;
- Share insight to shape joint understanding of challenges and opportunities for cyber defense;
- Implement coordinated defensive cyber operations to prevent and reduce impacts of cyber intrusions; and
- Support joint exercises to improve cyber defense operations.
The first batch of industry participants in the Collaborative are Amazon Web Services, AT&T, Crowdstrike, FireEye Mandiant, Google Cloud, Lumen, Microsoft, Palo Alto Networks, and Verizon. The USA's Department of Defense, US Cyber Command, the National Security Agency, the Department of Justice, the Federal Bureau of Investigation, and the Office of the Director of National Intelligence have also come out to play.
- Here's 30 servers Russian intelligence uses to fling malware at the West, beams RiskIQ
- Feds seize two domains used by SolarWinds intruders for malware spear-phishing op
- Here's a list of the flaws Russia, China, Iran and pals exploit most often, say Five Eyes infosec agencies
Readers may have noticed that the list of vendors above is a little light on security players. That's intentional because the Collaborative will initially consider "ransomware and developing a planning framework to coordinate incidents affecting cloud service providers".
CISA plans to expand the group's activities over time and will enlist more private sector partners to help as and when needed.
The Agency has not, however, given a timeframe for this effort to deliver. ®