The Cybersecurity and Infrastructure Security Agency (CISA) is rolling out its Joint Collaborative Environment (JCE) project in an effort to enhance its industry partnerships and enrich its cyber threat data.
At AFCEA and INSA’s Intelligence and National Security Summit event on July 14, Aastha Verma, the chief of CISA’s Cybersecurity Division, explained that CISA’s public-private partnerships are all voluntary, so there is a lot of “trust building” her agency has to do.
“Our ability to reach and create those industry partnerships is going to be key. And I’m fortunate to say one of the efforts that I’m associated with on behalf of the agency is designed exactly for that,” Verma said. “It is a Joint Collaborative Environment. It is designed to help share data and analytics, not just with other agencies, and not just with across civilian defense agencies, but also with the private sector.”
“So, part of this project’s goal, the Joint Collaborative Environment, is to improve that ecosystem at large,” she added. “How do we get information, [and] share that information in a meaningful way?”
The Joint Collaborative Environment (JCE), which was recommended by the Cyberspace Solarium Commission, is a recent priority within CISA. Verma went on to describe the JCE as a “set of highways” that allows data to get from point of ingest into a developed product – usually an analytic product.
However, when it comes to sharing that data back out to other partners, Verma said it gets “complicated” because each agency has different authorities over certain data.
“What CISA is trying to do is take our data that we collect through vulnerability scans and the various different services we offer – we want to enrich it. We want to enrich it with data that other agencies are collecting,” Verma said. “What can we generate meaningful insights from and then who and how can we share it back out to the audience, whether it’s agencies or industry.”
“That’s what the Joint Collaborative Environment ecosystem is all about, figuring that out,” she continued. “Making it work, and making it work effectively, so that we’re not experiencing unnecessary delays when things like SolarWinds happens. We’ve got those highways built.”
The JCE has not been codified into law, but Verma said “it is an effort,” despite the lack of funding from Congress.
“It takes a lot to get something lawed and funded in our world – let’s just be real about that. But that doesn’t mean the need isn’t there,” she said. “So, CISA saw and read the [Cyberspace Solarium Commission] report, we understood the fractured environment problem, and we’re tackling it.”
“We’re working that in coalition and in partnership with other agencies, and if Congress wants to make it a funded law, that’s great, but we’re doing it in the meantime anyway,” she concluded.
The Joint Collaborative Environment project is distinct from CISA’s Joint Cyber Defense Collaborative effort, which works to advance joint cyber defense capabilities through joint campaign plans and enhancement of public-private operational partnerships.