The Cybersecurity and Infrastructure Security Agency (CISA) this week expanded the Joint Cyber Defense Collaborative (JCDC) project to include industrial control systems (ICS) security vendors and operators. The announcement came out the same day as Five Eyes cybersecurity authorities released a joint advisory warning of increased Russian state-sponsored malicious cyberattack activity.

CISA launched its JCDC project last summer. It was initiated to bring its public and private partners together to create a common operating picture of the current threat environment, develop the nation’s comprehensive cyberdefense plans, and implement these plans into actual operations.

Currently, JCDC includes more than 20 private sector alliance partners such as Google Cloud, Microsoft, Amazon Web Services (AWS), Cisco, VMware, Juniper, Palo Alto Networks, and Crowdstrike.

To bolster the security of industrial control systems and operational technology, CISA has initiated a JCDC-ICS effort to build cyberdefense plans, inform government guidance on ICS/OT cybersecurity, and bring private-public partners to the ICS community. 

“Cyberthreats to the systems that control and operate the critical infrastructure we rely on every day are among our greatest challenges,” CISA Director Jen Easterly said at the recent S4x22 conference in Miami. “As the destruction or corruption of these control systems could cause grave harm, ensuring their security and resilience must be a collective effort that taps into the innovation, expertise, and ingenuity of the ICS community.” 

Inaugural members of this effort include Schneider Electric, Schweitzer Engineering Laboratories, GE, Honeywell, Siemens, Bechtel, Claroty, Dragos, Nozomi Networks, Xylem, and several existing JCDC alliance partners.

“As a community, we must continue to build cyberdefenses in our systems and products while focusing on a more resilient future,” Annette Clayton, CEO and president of North America operations at Schneider Electric, wrote in a blog post. “This is the direction we must take our planning efforts as part of the JCDC so that we can prepare ourselves for the next phase of this era.”

Clayton emphasized the importance of defending ICS, as Schneider Electric’s systems are used in 40,000 water and wastewater treatment installations, 40% of hospitals worldwide, ten of the top electric utilities, and ten of the world’s largest airports. 

Industrial security vendor Dragos also applauded the move. "This time, with JCDC, CISA takes it to a new level where government, industry, and solutions providers have a streamlined venue to continuously work together on strengthening the resilience of industrial operations,” Dragos VP Ben Miller noted.

Cybersecurity agencies from the United States, Australia, Canada, New Zealand, and the United Kingdom warned that intelligence indicates the Russian government and aligned cybercrime groups are exploring options for potential cyberattacks.

Those agencies also urged critical infrastructure network defenders to prepare for and mitigate potential cyberthreats that include destructive malware, ransomware, DDoS attacks, and cyberespionage.

The advisory provides detailed information about Russian state-sponsored cyber operations, Russian-aligned cyberthreat groups and their tactics, techniques, and procedures, along with mitigation suggestions for the defenders.

“The intent of this joint CSA is to warn organizations that Russia’s invasion of Ukraine could expose organizations both within and beyond the region to increased malicious cyberactivity,” the advisory wrote. “This activity may occur as a response to the unprecedented economic costs imposed on Russia as well as material support provided by the United States and U.S. allies and partners.”