Cybersecurity Groups Push US to Boost Collaboration on Hacks

Business leaders and cybersecurity experts are pushing the Biden administration to step up efforts to quell big hacks against US companies. 

In a joint statement to be issued Tuesday, several of the groups said a public-private initiative created by the US Cybersecurity and Infrastructure Security Agency, known as CISA, 10 months ago needs to grow and increase its “reach and impact.” That initiative, called the Joint Cyber Defense Collaborative, is intended to lead cybersecurity defense and crisis planning, as well as information sharing between the government and private sector.

The groups are calling on the JCDC, whose government members include the National Security Agency and FBI, to help anticipate and plan for the top five potential digital attacks in the wake of Russia's invasion of Ukraine. The groups also want to increase “collective understanding” of cyber threats and work with lawmakers to improve regulations they say hamper effective cyber defense.

“We don't have sufficiently thoughtful game plans for dealing with national security-grade attacks against our critical infrastructure and economic functioning,” said Greg Rattray, a former director for cybersecurity in the White House. He is now executive director of the Multilateral Cyber Action Committee, which was formed by former government officials and business leaders last year after a spate of egregious breaches in the energy, health and communications sector. The committee is spearheading the push to increase collaboration between government and business to improve the nation's cyber readiness.

Eric Goldstein, executive assistant director for cybersecurity at CISA, said the JCDC “looked forward to working with an expanding breadth of partners,” and he added that it had “pioneered” a new model of collaboration between government and business.

The JCDC partnership model was “evolving,” he said, adding that it was helping to reduce the nation's cyber risk.

Michael Daniel, a former Obama administration cyber official who now leads the Cyber Threat Alliance, which is signing onto Tuesday's joint statement, said the JCDC was a good initiative that needed to “double down” so it could work at scale. He suggested hubs for specific sectors could be helpful, arranged in “concentric, overlapping circles.” 

Art Coviello, former executive chairman at RSA Security, who helped create the Multilateral Cyber Action Committee, said the JCDC should expand from about 25 businesses, mostly cybersecurity and tech companies, to 2,500. 

Avril Haines, the top US intelligence official, said at a conference on Monday that cybersecurity “is getting harder.” She said the government must find better ways to collaborate with business, including real-time information sharing about threats, saying that despite improvement there was “enormous work to be done.”