Top IT experts at the Departments of Treasury and Veterans Affairs (VA) said that the Cybersecurity and Infrastructure Security Agency’s (CISA) Joint Cyber Defense Collaborative (JCDC) program holds a lot of promise, but is “still in its infancy” with program kinks to be worked out.
JCDC is a public-private cybersecurity collaborative that leverages authorities granted by Congress in the 2021 National Defense Authorization Act in an attempt to unite the global cyber community in the collective defense of cyberspace.
“It’s still in its infancy. Some of the kinks still need to be worked out,” the VA’s Deputy Chief Information Security Officer and Executive Director of Information Security Operations, Jeff Spaeth, said of CISA’S JCDC during a Feb. 6 CSIS webinar.
“One of the things that we would like to see a little bit more of is when they get notified by some of these major vendors – and I’m not saying they don’t pass the information along, but sometimes it takes a while to get down – for some of that really in-depth technical pieces instead of, ‘Hey, this was a compromise,’” Spaeth said.
He clarified that “we love the integration, we love the coordination” that the VA is getting from CISA’s JCDC but would like to see more involvement from Federal agencies – and additional elements, like state and local governments – to be a part of the overall threat landscape and intelligence sharing. Spaeth said this would aid the Federal government in quick reactions and “closing the holes as quickly as possible.”
Amber Pearson, the VA’s executive director of information security policy and strategy, said the agency’s relationship with CISA has blossomed over the last year. Due to the VA’s limited internal resources, she noted that they rely on CISA’s collaborative partnership to inform them.
However, Pearson said when vulnerabilities do arise, she would like to see more guidance from CISA on how to protect critical systems.
“What are those actions that we as a Federal agency need to do next? And I think there’s a big gap there and how we actually continue to ensure that we’re monitoring,” Pearson said. “I think a lot of Federal agencies struggle when those things do come up, and how do we respond from a hardening capability, giving that hardening guidance to us? So those recommendations I would be looking for from agencies like CISA and helping us in responding.”
Jeff King, the principal deputy chief information officer at Treasury, said that CISA has the opportunity to be a “real catalyst” in threat hunting but needs to be a “driver and a doer” rather than a coordinator.
“I think they’re on the right track,” King said of CISA’s JCDC. “I think they may be spread across a lot of different initiatives where we need more distinct focus on specific things. So, I think the remit is still not fully clear to me as a decision maker.”
He said that the “ingredients are there” but CISA needs to focus on making JCDC a “repeatable and reliable apparatus.”
“We’ve got this body; we know that they’re chartered and empowered to a certain extent. Now it’s kind of like to turn the corner, figure out what is the core mission, execute against that mission, and consider the areas where you may be spread too thin,” King said.
VA’s Spaeth added, “Again, I don’t think the theory of the JCDC is bad at all. I think it’s still in a very infantile state.”
-
DISA Tech Expert on Finding Value in Rapid AI DevelopmentThe challenge with artificial intelligence (AI) is not a lack of capabilities but providing valuable AI-enabled easy-to-use capabilities to the warfighter, according to an official at the Defense Information Systems Agency (DISA). At today’s AFCEA NOVA’s DoD Enterprise IT Day, Deepak Seth, the AI technical lead for DISA’s Emerging Technologies Directorate, explained that the current AI landscape offers DISA a plethora of capabilities to choose from, but “the question is, how can we take advantage of them, and how do we push them towards operational use?” For example, large language models (LLMs) offer users a model pre-trained to a large dataset and can be fine-tuned for a specific task. However, according to Seth, these models “tend to lack enterprise knowledge.” “So, we’re looking at how [we] can augment these pre-trained models with enterprises datasets, so when asked the question [the response] is grounded in data that is within the organization,” Seth said. One of the capabilities that DISA is working on is offering agency officials and warfighters a question-and-answer model. “The idea is [to] take all this information that we have and then build it in some type of application,” Seth said. This capability is similar to DISA’s digital concierge, which is slated for full deployment in August. Concierge AI aims to integrate data with AI and minimize friction for users to find and analyze data. The digital concierge will take data from controlled unclassified information settings and drop them into a database where – via LLMs – that database presents users with answers. In addition to generative AI and LLMs, DISA seeks to apply AI models, tools, and services to improve its Defensive Cyber Operations (DCO). According to Seth, the challenge DCO analysts face is not just an increase in attacks, but the attacks have been more rapid and sophisticated. The agency wants to leverage AI tools to analyze incoming data and “detect any anomalies” much quicker. DISA released a request for information (RFI) published on SAM.gov on March 25, which outlined its interest in exploring the potential applications of commercial AI/ML models, tools, services, and best practices to augment and enhance its current DCO capabilities and methods. The agency received hundreds of responses and is currently reviewing them.
-
DISA CTO Sees Data as Next Frontier for Thunderdome
-
GSA Debuts FedRAMP Technical Advisory Group