The Joint Cyber Defense Collaborative (JCDC) was established over two years ago to drive unified efforts across public and private partners to achieve our most important cybersecurity outcomes. Each year, hundreds of JCDC partner organizations provide insight, expertise, and perspective to help identify our collective priorities for the coming year. We are excited to introduce our 2024 Priorities. Of course, these priorities are not CISA’s alone; rather, they reflect shared goals across government, industry, and international partners that will enable cohesive planning and collaboration.
While these Priorities build on our 2023 Planning Agenda, they also represent a critical step in JCDC’s maturation. For the first time, we are aligning our priorities under three broad focus areas, which in turn will enable alignment of resources and strategic direction.
(1) Defend Against Advanced Persistent Threat (APT) Operations: Last year’s ODNI Annual Threat Assessment makes clear the threat posed by malicious cyber actors, particularly those affiliated with the People’s Republic of China (PRC). No longer can our cyber defense focus on espionage and data theft; we must now posture to protect our country and allies against destructive attacks designed to cause real-world harm. Our priorities in this focus area center on JCDC’s strategic and operational efforts to counter known and suspected APT attack campaigns targeting entities that support national critical functions.
- Discover and defend against malicious abuse by APT actors, particularly those backed by the PRC, on and against U.S.-based infrastructure.
- Prepare for major cyber incidents. CISA, through the JCDC, will finalize and publish the National Cyber Incident Response Plan (NCIRP), in close coordination with interagency and industry partners.
(2) Raise the Cybersecurity Baseline: Too many successful intrusions are preventable, the result of inadequate investment in basic practices. Our priorities in this focus area center on JCDC’s ability to organize and support efforts that raise the cybersecurity baseline of critical infrastructure entities.
- Help state and local election officials secure their networks and infrastructure against cyber threats as part of CISA’s broader election security efforts.
- Measurably decrease the impact of ransomware on critical infrastructure.
- Make measurable progress toward a world where technology is Secure by Design. Even as we urgently work to help organizations implement the most effective cybersecurity measures, we know that scalable change requires a fundamental shift in how technology is designed, built, and maintained. We will continue to drive measurable commitments across the technology ecosystem that reduce the number of defective technology products by design and ensure that strong default settings are the norm.
(3) Anticipate Emerging Technology and Risks: Innovation can help to close off entire avenues of attack but may also create new cybersecurity risks. Our priorities in this focus area center on JCDC’s work with the cybersecurity community to support accelerated innovation in cyber defense and reduce known and suspected risks posed by the deployment of emerging technologies.
- Decrease the risk posed by Artificial Intelligence (AI) to critical infrastructure. In alignment and coordination with CISA’s Roadmap for Artificial Intelligence, JCDC will work to decrease the likelihood and impact of AI-related threats and vulnerabilities to critical infrastructure providers.