Election security tops CISA's 2024 joint cyber defense priorities


The US Cybersecurity and Infrastructure Security Agency (CISA) on Monday put forth its official Joint Cyber Defense Collaborative Priorities for 2024 – defending against China, election security, and protecting critical infrastructure all make this list.

The Joint Cyber Defense Collaborative (JCDC), a fledgling organization established by CISA in 2021 to help promote cybersecurity initiatives between the public and private sectors, announced three areas of focus for the next year:

  • Defend against Advanced Persistent Threat (APT) operations.
  • Raise critical infrastructure’s cybersecurity baseline.
  • Anticipate emerging technology and risks.

“These priorities are not CISA’s alone; rather, they reflect shared goals across government, industry, and international partners that will enable cohesive planning and collaboration,” the JCDC said.

According to CISA Associate Director Clayton Romans, the JCDC is the US government's first attempt to “engage in joint planning with the private sector around shared cybersecurity challenges.”

Still, not all security insiders are convinced CISA's protege organization is effective, as evidenced by the numerous comments posted on social media following Monday's JCDC release.

For example, JCDC recently touted its success regarding past initiatives, such as securing open-source software in industrial control systems and enhancing security and incident response for the public water sector.

Yet, these successes have been overshadowed by CISA advisories and headline-making cyberattacks. In December, a CISA warning about Iranian hackers targeting public water facilities was released after a targeted attack was reported on a Pennsylvania township water authority, and earlier this month came the breach of security credentials for the Oldsmar water plant in Florida.

“At a House hearing last week on securing OT threats in the water sector, cybersecurity experts said that the JCDC is suffering from ‘growing pains,’” @Exetlos_GDA said on X.

Last week, the FBI and CISA released another advisory confirming that China’s digital espionage threat actors, Volt Typhoon, have been moving around inside multiple US critical infrastructure networks undetected, and in some instances, for at least five years.

"Amid questions about JCDC's effectiveness, CISA lays out the group's 2024 priorities...," posted fellow cybersecurity journalist @ericgeller on X.

JCDC's six priorities in detail

Echoing the collective’s 2023 initiatives, there are six specific priorities listed under the three focus areas.

Under the first focus, the JCDC specifically mentions defending US infrastructure against the 2023 increase of malicious APTs – such as ‘living off the land’ (LOTL) attacks – launched by the People's Republic of China (PRC).

In a LOTL attack, the attacker uses native tools already present in the victim's system instead of having to install malicious files, code, or scripts to carry out the attack.

The fileless tools can include PowerShell, Windows Management Instrumentation (WMI) or the password-saving tool, Mimikatz, according to cybersecurity solutions firm CrowdStrike.

Part of the second strategy, "Raising the Baseline," entails elevating the US National Cyber Incident Response Plan (NCIRP) to increase resiliency and recovery in the event of a major cyber incident.

Romans said reducing the impact of ransomware attacks and extortion costs plaguing organizations and facilities in the critical sectors will play a part as its third priority.

Leveraging Secure by Design principles as the fourth element, Romans said the JCDC will prioritize “operational activities that actively defend against and disrupt ransomware campaigns in collaboration with government and non-governmental entities.”

In 2023, CISA introduced the Secure by Design Alert program, aimed at pushing tech manufacturers to address root software vulnerabilities before products are released in the wild, and encouraging the implementation of security best practices.

“To reduce the nation’s risk, we need to do more than warn defenders about the most current attacks and software vulnerabilities,” CISA has said about the importance of cybersecurity best practices.

“We need to look much further ‘left-of-boom’ and into the software development practices in order to fix things before intrusions cause harm to the American people,” CISA said.

Confronting AI risks and election security

Finally, the last two priorities will address the growing concerns of emerging technologies. The JCDC said it will use CISA’s Roadmap for AI to help understand the benefits and risks AI poses to critical infrastructure.

This will also involve a broad initiative to help combat US election fraud.

The JCDC will “help to provide state and local election officials with information and tools to help secure their networks and infrastructure against cyber threats,” Romans said.

All part of “CISA’s broader election security efforts,” the JCDC aims to create "a resilient and secure election security ecosystem by sharing threat information with industry partners, interagency partners, SLTT entities (State, local, tribal, and territorial), and vendors across the elections community," Romans said.

As for relying on the government to secure the 2024 US presidential election, X user @billcraft16 posted, “Remember that those vulnerable voting machines are "Critical Infrastructure." So the feds will be watching who votes for whom? The same feds that gave us "the safest and most secure election" in 2020??”

