Congressional Panel Advances Public-Private Cyber Collaboration

The House Armed Services Committee (HASC) debated the annual National Defense Authorization Act (NDAA) on Wednesday, advancing the bill with a key cyber provision intact. The proposed creation of a Cyber Threat Information Collaboration Environment reflects a recognition that to enhance cooperation with the private sector, the U.S. government needs a better way to share actionable cyber threat information.

The NDAA provision calls on the secretary of homeland security to create a platform for participating entities, including critical-infrastructure operators, to better “identify, mitigate, and prevent malicious activity in cyberspace,” as the summary of the bill explains. This “information collaboration environment” will bring together both classified and unclassified intelligence about cyber threats.

The HASC chairman’s factsheet about the bill notes that this provision is “modeled on a recommendation from the Cyberspace Solarium Commission” (CSC). Specifically, the collaboration described in the legislation closely aligns with the CSC’s recommendation that Congress create and fund a “Joint Collaborative Environment.”

While the legislative text does not address why a collaborative environment is necessary, the CSC report was explicit: The federal government is failing to consolidate and share information “at the speed and scale necessary for rapid detection and identification” of cyber threats. The U.S. government’s “fragmented approach” to situational awareness in cyberspace is “causing confusion and adding significant burden for the private sector in public-private information-sharing efforts.”

The new information sharing environment called for in the NDAA would work to lower the bureaucratic hurdles that often hinder the government’s ability to pass actionable threat information to the private sector. While such information may not be sensitive, it often requires a lengthy process to get approved for dissemination at the unclassified level. Thus, the government frequently misses its window to provide useful threat information to the private sector.

The collaborative environment will be designed to remove barriers to information dissemination, establish a direct connection between private-sector companies and the government, and ensure that threat information flows more freely between the public and private sectors. At the same time, the collaborative environment will ensure that more detailed analyst-to-analyst work between government and private-sector experts can still continue at the classified level.

The Cyber Threat Information Collaboration Environment will be a critical third leg of the newly created Joint Cyber Defense Collaborative (JCDC) at the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA). The JCDC aims to coordinate cyber defense planning and response capabilities across the government and with industry, both in advance of and in the aftermath of cyberattacks.

To achieve this mission, the JCDC needs planning resources, the ability to integrate operations, and a shared knowledge of the threat landscape. In last year’s NDAA, Congress stood up the first two of these requirements by creating the Joint Cyber Planning Office (JCPO) and the Integrated Cybersecurity Center (ICC). CISA’s vision for the JCDC builds upon and expands these two concepts. But without better information sharing, the government’s efforts to operationalize collaboration with the private sector will continue to fall short.

The NDAA now heads to the House and Senate floor, where members of Congress will debate hundreds of amendments. Throughout this process and during the harmonization of the NDAA’s Senate and House versions, Congress should ensure that the Cyber Threat Information Collaboration Environment provision is included. Fully authorizing (and resourcing) all three elements of the JCDC — the JCPO, the ICC, and the Cyber Threat Information Collaboration Environment — will signal Washington’s commitment to defending U.S. critical infrastructure from future cyberattacks.

Mark Montgomery serves as senior director of the Center on Cyber and Technology Innovation (CCTI) at the Foundation for Defense of Democracies (FDD) and as senior advisor to the chairmen of the Cyberspace Solarium Commission. Trevor Logan is a cyber research analyst at CCTI. For more analysis from the authors and CCTI, please subscribe HERE. Follow Mark and Trevor on Twitter @MarkCMontgomery and @TrevorLoganFDD. Follow FDD on Twitter @FDD and @FDD_CCTI. FDD is a Washington, DC-based, nonpartisan research institute focusing on national security and foreign policy.