Rep. Eric Swalwell (D-Calif.) on Thursday said he will introduce legislation in the coming weeks to better structure a public-private partnership collaborates on urgent cybersecurity needs and is overseen by the Cybersecurity and Infrastructure Security Agency (CISA) to better define its role.
The 18-month-old Joint Cyber Defense Collaborative (JCDC) is operating without a charter and “concrete criteria for membership, all of which are essential for the JCDC to provide enduring value,” Swalwell said in his opening remarks at a hearing held by the House Homeland Security Subcommittee on Cybersecurity and Infrastructure Protection.
There is also uncertainty about how private sector entities can become part of the JCDC, he said.
Swalwell, the ranking member on the subcommittee, said that the feedback he and his staff have received has highlighted the importance of the public-private collaboration the JCDC provides. Following Russia’s invasion of Ukraine last year, the JCDC “enabled rapid information sharing among government and private sector partners” and was “critical in addressing” a vulnerability in the Log4j logging tool, he said.
The forthcoming bill will “clarify the activities of the JCDC to improve on its successes and increase its impact,” Swalwell said.
Late in the hearing, Swalwell asked one witness how CISA can give the JCDC “structure and clarity…to sustain momentum” while maintaining its agility?
Drew Bagley, vice president and counsel for privacy and cyber policy at the cybersecurity technology firm CrowdStrike (CRWD), replied that the JCDC could use more structure and working groups.
“But the more that CISA can actually structure with purpose and with theme, different working groups, I think that can lead to certain advantages and certain efficiencies, just as any organization that’s going from startup to scale needs to adjust and reorganize,” Bagley said.
CrowdStrike has been a member of the JCDC since it stood up in August 2021. CISA touts the entity for its operational collaboration, meaning private and public sector participants solve cybersecurity challenges together.
Bagley, in his prepared remarks, offered some ideas to improve the JCDC, including “approaches that stratify or segment membership to maintain trust” and strengthening the “administrative customer relationship management practices.” He said CISA is already doing a good job soliciting feedback from the JCDC’s participants.