CISA Expands Joint Cyber Defense Collaborative to Include ICS Experts

Private sector ICS security experts will join CISA's Joint Cyber Defense Collaborative (JCDC).

By Jill McKeon

The Cybersecurity and Infrastructure Security Agency (CISA) plans to expand the Joint Cyber Defense Collaborative (JCDC) to include industrial control systems (ICS) and operational technology (OT) experts. New members of the JCDC-ICS initiative include experts from Claroty, Siemens, GE, Honeywell, and Bechtel.

The coalition of vendors, integrators, and distributors will expand the JCDC’s reach to account for ICS and OT security risks. CISA formed the JCDC in August 2021 “to unify defensive actions and drive down risk in advance of cyber incidents,” its website states.

The public-private sector partnership already includes 211 private sector alliance partners, including AT&T, Verizon, VMware, IBM, Google Cloud, and AWS.

CISA Director Jen Easterly announced the collaborative’s expansion at the S4x22 conference in Miami.

“Cyber threats to the systems that control and operate the critical infrastructure we rely on every day are among our greatest challenges. As the destruction or corruption of these control systems could cause grave harm, ensuring their security and resilience must be a collective effort that taps into the innovation, expertise, and ingenuity of the ICS community,” Easterly said.

“I’m excited to leverage our evolving JCDC platform to enable us to plan, exercise, and collaborate with industry leaders to drive down risk to the systems and networks we depend on so greatly as a nation.”

ICS security has become a growing concern across critical infrastructure. In mid-April, CISA, the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), and the Department of Energy (DOE) issued an advisory about advanced persistent threat (APT) actors who developed tools made specifically for targeting ICS/supervisory control and data acquisition (SCADA) devices.

“The tools enable them to scan for, compromise, and control affected devices once they have established initial access to the operational technology (OT) network,” the advisory stated.

“Additionally, the actors can compromise Windows-based engineering workstations, which may be present in information technology (IT) or OT environments, using an exploit that compromises an ASRock motherboard driver with known vulnerabilities.”

Although these specific tools have been mostly targeted at the energy sector, CISA urged all critical infrastructure entities to safeguard against emerging cyber threats.

In a recent report, Claroty observed an uptick in healthcare IoT, IT, and medical device vulnerability disclosures, signaling a need for better ICS security in healthcare. ICS vulnerability disclosures grew by 110 percent over the last four years, with a 25 percent increase in the latter half of 2021 alone.

In addition, CISA recently released an advisory regarding the LifePoint Informatics patient portal and specifically stressed the importance of ICS security. The agency directed organizations toward its ICS security best practices and resources and encouraged all critical infrastructure entities to adopt defense-in-depth strategies to improve ICS security.

“JCDC-ICS will build on the existing platform of the JCDC by taking advantage of the knowledge, visibility, and capabilities of the ICS community to build plans around the protection and defense of control systems; inform U.S. government guidance on ICS/OT cybersecurity; and contribute to real time operational fusion across private and public partners in the ICS/OT space,” CISA’s latest announcement stated.