What is JCDC?
JCDC is a public-private cybersecurity collaborative that leverages new authorities granted by Congress in the 2021 National Defense Authorization Act to unite the global cyber community in the collective defense of cyberspace. JCDC is designed to catalyze a new model of operational collaboration through three complementary goals: first, establish enduring capabilities for persistent collaboration in which participants continuously exchange, enrich, and act on cybersecurity information with the necessary agility to stay ahead of our adversaries; second, develop and jointly execute proactive cyber defense plans intended to reduce the most significant risks before they manifest; and, third, enable true co-equal partnership between government and the private sector, including through joint enrichment and development of timely cybersecurity advisories and alerts to benefit the broader community. JCDC participants include service providers, infrastructure operators, cybersecurity companies, companies across critical infrastructure sectors, and subject matter experts (SMEs) who work together to enable synchronized cybersecurity planning, cyber defense, and response.
- What are JCDC’s core functions?
JCDC’s core functions include:
- Developing and coordinating plans for cyber defense operations and supporting execution of those plans,
- Driving operational collaboration and cybersecurity information fusion between public and private sectors, for the benefit of the broader ecosystem, and
- Producing and disseminating cyber defense guidance across all stakeholder communities.
- Who comprises JCDC?
JCDC brings together organizations and operators from across the public and private sector, including state, local, and international government participants. Industry participants include service providers, infrastructure operators, cybersecurity companies, and companies across critical infrastructure sectors with the expertise, visibility, and capability to understand and enable collective action to reduce cybersecurity threats and vulnerabilities impacting American organizations and the global internet ecosystem. JCDC additionally includes specific government agencies designated by Congress for the joint cyber planning office, including the Department of Homeland Security, U.S. Cyber Command, the National Security Agency, the Federal Bureau of Investigation, the Department of Justice, and the Office of the Director of National Intelligence. Additional federal agencies are included in specific planning and collaboration efforts based upon unique expertise or requirements, including the U.S. Department of Defense, the Transportation Security Administration, the Environmental Protection Agency, the Federal Aviation Administration, the Department of Energy, and the Department of the Treasury. In addition, JCDC enables continuous collaboration with over 100 international cyber defense organizations, often known as “CERTs,” to ensure that information about cyber threats identified anywhere across the globe is rapidly disseminated and used to increase friction for our common adversaries. JCDC further works with existing information sharing hubs and groups, like Information Sharing and Analysis Centers, to ensure the rapid dissemination of actionable information across the broader community.
- Who should participate in JCDC, and how can I get involved?
CISA welcomes all critical infrastructure organizations and entities with cybersecurity expertise and visibility to participate in our collaboration efforts. Participation is based on a reciprocal expectation of collaboration, in which all participants, public and private, are expected to be active collaborators, with a focus on bidirectional information sharing, information enrichment, tipping, and providing insights to broader campaigns and threat actor activity.
Working with JCDC will look different for each organization and its unique subject matter expertise, visibility, and capabilities. For some, it might involve being part of a cyber defense planning effort focused on a specific risk scenario. For others, it might involve joining an operational collaboration effort focused on a specific threat or vulnerability. And for others, it might involve participating in analyst-to-analyst exchanges. For further information about participating, email email@example.com.
- What communication platforms are used by JCDC to share information and ensure an ongoing open dialogue among JCDC participants?
JCDC shares information and ensures ongoing open dialogue through a variety of platforms. Persistent collaboration channels often use Slack, including channels that bring together participants from specific sectors for ongoing collaboration and channels created for a defined time to work on particular operational issues, along with the ability to establish smaller channels for operationally sensitive activities. While some of these channels are used to continuously share information, others are intended to provide an “always-in” platform where participants can immediately convene and collaborate if the need arises. JCDC additionally uses platforms like the Homeland Security Information Network (HSIN) and distributed emails via the GovDelivery service for broader, uni-directional information sharing. CISA is continuously investing in new capabilities to enable frictionless collaboration, including capabilities for rich data analysis.
- Which individuals are involved in the JCDC from participating organizations?
JCDC is an operational body and participating individuals are expected to serve in operational roles and maintain relevant expertise in topics such as threat analysis, vulnerability management, and incident response. JCDC is not a policy forum and issues related to national cybersecurity policy are generally considered appropriate for alternate bodies such as Sector Coordinating Councils.
- How will JCDC industry participants’ affiliation impact current or future ability to be awarded DHS/CISA contracts?
JCDC is a voluntary collaborative that is wholly separate from all federal contracting functions. JCDC participation has no impact on a participant’s current or future ability to be awarded any federal contracts, including those issued by DHS or CISA.
- Is JCDC the only way to work with CISA?
No – there are a variety of ways to work with CISA outside of the JCDC. JCDC is the U.S. government’s focal point for cross-sector cybersecurity collaboration and joint cyber defense planning and enables CISA’s broader portfolio of risk reduction efforts. In addition to working with the JCDC on operational collaboration and planning, organizations are encouraged to sign up for CISA’s cybersecurity services, which are informed by evolving risk information identified by JCDC participants. Organizations are also encouraged to participate in CISA’s Coordinated Vulnerability Disclosure program and report incidents via the Incident Reporting Portal.
- Does JCDC work with organizations that are not part of the JCDC?
Yes. JCDC works with U.S. government organizations and other private sector companies, independent researchers, and international government cybersecurity centers to share information and collaborate on cybersecurity risks based upon specific issues or where unique expertise is required.
- How does CISA safeguard JCDC participant input that includes proprietary information?
Trust is foundational to the JCDC’s success. To that end, all JCDC participants, including both government and private sector organizations, are required to adhere to strict dissemination restrictions. All JCDC participants adopt dissemination control markings, such as Traffic Light Protocol (TLP) markings, on data that is submitted. When information is submitted to CISA, we work closely with the entity that submitted the information to scope where and with whom the information can be shared in accordance with applicable laws. More information on TLP is available at https://www.cisa.gov/tlp.
CISA will not disclose any information that is exempt from disclosure under the Freedom of Information Act (FOIA) consistent with 5 USC 552(b), including but not limited to Exemption (b)(3) as specifically exempt from disclosure by statute, Exemption (b)(4) as trade secrets and commercial or financial information that is privileged or confidential, and Exemption (b)(7)(A)-(F) as records or information compiled for law enforcement purposes.
Stakeholders that share information with CISA are eligible for certain protections under the Cybersecurity Information Sharing Act of 2015, if the stakeholder meets certain requirements. See detailed guidance.
- What does JCDC participation mean for members with pre-existing relationships with CISA or other federal agencies?
JCDC participation does not supersede or replace any existing relationships between JCDC participants and CISA or other Sector Risk Management Agencies. Entities within a given sector are encouraged to establish and maintain relationships with agencies that maintain unique sectoral expertise, such as the National Security Agency’s Cybersecurity Collaboration Center for companies in the Defense Industrial Base and the Department of Energy’s Energy Threat Analysis Center for companies in the energy sector. The JCDC is the single point where these sectoral efforts come together to enable visibility and collective risk reduction across sectors at a national scale.
- Does CISA endorse JCDC participants?
CISA does not endorse any commercial entity, product, or service, including any subjects of analysis. Any reference to a specific commercial entity or commercial products, processes, or services by service mark, trademark, manufacturer, or otherwise, does not constitute or imply endorsement, recommendation, or favoring by CISA. With participant approval, CISA may acknowledge JCDC participants and valuable contributions to the development of various collaborative efforts (e.g., joint Cybersecurity Advisories, joint plans) within the products themselves, on CISA’s website, in stakeholder messaging, and/or via CISA’s social media platforms.
- How does CISA balance the need for inclusive involvement with the necessity of enabling trusted collaboration?
CISA recognizes the value of incorporating a wide range of participants in JCDC while also maintaining sufficiently defined efforts to ensure trusted collaboration. For this reason, organizations participate in planning and collaboration efforts based upon specific expertise or capability of relevance to the risk reduction goal of a given effort. Most JCDC planning and collaboration efforts do not involve more than 20 organizations, and many are significantly smaller. However, the outputs of these efforts generally result in actionable information or products that are shared with the broader cybersecurity community, including Information Sharing and Analysis Centers.
- How does JCDC determine what plans to develop? Who activates and leads the execution of cyber defense plans developed by JCDC?
JCDC conducts an annual process to identify the highest priority cyber defense plans for development and execution. In 2023, these plans will include a focus around three areas: concentrated risk, collective cyber response, and high-risk communities. (See the 2023 JCDC Planning Agenda for more information.) Plan activation and coordination procedures are plan-specific, and change based on operational requirements and other conditions. Execution may be carried out by CISA or interagency and/or private participants depending on the subject and scope of the plan.
- What’s on the horizon for JCDC?
The next big steps in JCDC’s continued maturation and growth include:
- Continuing to coordinate and enhance JCDC cyber threat and vulnerability guidance to better inform the broader cyber community on known adversary tactics, actionable detection methods, and mitigation guidance.
- Deepening operational relationships with a wider range of companies and subject matter experts, including the cybersecurity research community, as well as international participants.
- Expanding JCDC engagement across additional sectors and specialists within sectors, ranging from owners/operators and vendors to cybersecurity experts/providers.
- Expanding JCDC’s cyber planning function, which includes deliberate and crisis action plans to address the most pressing current and future potential risks.
- Drawing on the capabilities and expertise across JCDC members to identify more opportunities for regular analytic and data exchanges that ensure timely, accurate, and useful information fusion.
- Continuing to exercise JCDC processes and review lessons learned from JCDC efforts to optimize how the Collaborative operates.