U.S. Cybersecurity Agency Enlists Amazon, Google, Microsoft

The U.S. Cybersecurity and Infrastructure Security Agency (CISA), part of the Department of Homeland Security, debuted the Joint Cyber Defense Collaborative (JCDC), which will leverage the expertise of Big Tech companies including Amazon, Google and Microsoft. According to CISA director Jen Easterly, the initiative’s aim is first to combat ransomware and cyberattacks on cloud-computing providers and ultimately to improve defense planning and information sharing between the government and private sectors.

The Wall Street Journal reports that other participants in the JCDC include “the security companies CrowdStrike Holdings, FireEye, and Palo Alto Networks as well as telecommunications vendors AT&T, Verizon Communications and Lumen Technologies.”

In the past year, ransomware attacks have “disrupted large parts of daily life in the U.S.,” but when cloud services provider Kaseya was hit, President Joe Biden “warned Russian President Vladimir Putin that the U.S. would take ‘any necessary action’ to protect its infrastructure from these incidents.” Shortly thereafter, the U.S. pegged attacks on users of Microsoft Exchange Server software on China’s Ministry of State Security.

This week, the Senate’s $1 trillion infrastructure bill includes additional money for CISA as well as “a raft of other cybersecurity measures, such as $1 billion in funding over the next few years for a cybersecurity grant program for states and local authorities and additional money to boost energy-sector cyber defenses.”

Easterly stated that, “improving information sharing between government and companies will make it easier to spot and combat threats such as” the sophisticated hack of SolarWinds, where “Russian hackers were able to parlay their attack into access to more than 100 company networks and some government systems.”

At Google’s cloud computing group, chief information officer Phil Venables stated that, “the providers of those vast [cloud] data centers are often on the front line of cyberattacks, giving them insight into the latest hacks and the resources available to mitigate the attacks.”

ZDNet reports Easterly stated that the JCDC will “uniquely bring people together in peacetime, so that we can plan for how we’re going to respond in wartime.”

The JCDC describes its mission as leading “the development of the Nation’s cyber defense plans … [to] prevent and reduce the impacts of cyber intrusions.” It notes that, “the $740 billion National Defense Authorization Act (NDAA) of 2021 passed on January 1 gave them ‘new authority’ to bring together both public and private institutions to coordinate responses to cyberattacks.”

The initiative brings together representatives from the DHS, the Justice Department, U.S. Cyber Command, NSA, FBI and the Office of the Director of National Intelligence. JCDC “will also coordinate with state level officials and other owners and operators of critical information systems … and also plan for ‘adaptive’ cyber defense to deal with ‘adversary activity conducted in response to U.S. offensive cyber operations’.”