CISA publishes 2024 cyber defence priorities
CISA remains committed to proactive defence measures, leveraging initiatives such as Secure by Design principles and AI risk assessment to mitigate cyber risks and enhance overall resilience.
The US Cybersecurity and Infrastructure Security Agency (CISA) has announced its official Joint Cyber Defense Collaborative (JCDC) Priorities for 2024, highlighting three key areas of focus: defending against Chinese threats, safeguarding election integrity, and fortifying critical infrastructure.
Established in 2021, the Joint Cyber Defence Collaborative (JCDC) aims to foster collaboration between public and private sectors around cybersecurity initiatives. According to Clayton Romans, Associate Director of CISA, the JCDC represents the US government’s effort to engage in joint planning with the private sector to address shared cybersecurity challenges. However, despite past successes touted by the JCDC in securing open-source software and addressing risks in critical sectors, scepticism remains regarding its effectiveness, particularly in light of recent cybersecurity incidents.
Amid concerns raised about the effectiveness of the JCDC, CISA emphasises the importance of its 2024 priorities, which build upon initiatives from the previous year. These priorities include defending against malicious APTs, such as ‘living off the land’ (LOTL) attacks, enhancing the National Cyber Incident Response Plan (NCIRP) to improve resiliency, and reducing the impact of ransomware attacks on critical sectors.
Additionally, the JCDC plans to leverage Secure by Design principles to defend against ransomware campaigns actively and disrupt malicious activities. By addressing cybersecurity vulnerabilities early in the software development process, CISA aims to mitigate risks and enhance overall cybersecurity posture.
In response to emerging technology risks, the JCDC will utilise CISA’s Roadmap for AI to assess the benefits and risks that artificial intelligence poses on critical infrastructure. Furthermore, the collaborative will focus on supporting election security efforts by providing state and local election officials with tools and information to secure their networks against cyber threats.
Despite these initiatives, scepticism still remains among some stakeholders regarding the government’s ability to ensure election security, particularly in light of past vulnerabilities in voting systems. However, CISA asserts its commitment to fostering a resilient and secure election security ecosystem through collaboration with industry partners and government entities.