The Joint Cyber Defense Collaborative (JCDC) is an operational partnership housed within the U.S. Cybersecurity and Infrastructure Security Agency (CISA). It was launched in August 2021 by then-CISA Director Jen Easterly under authority granted by Section 1715 of the William M. (Mac) Thornberry National Defense Authorization Act for Fiscal Year 2021, which directed CISA to establish a planning capability that brings together federal agencies, state and local governments, and private-sector partners to develop and execute cyber defense plans.
The JCDC's core function is to operationalize collaboration rather than merely facilitate after-the-fact information sharing. It convenes participants to:
- Develop joint cyber defense plans addressing specific risks, such as ransomware against critical infrastructure or threats to industrial control systems.
- Share actionable threat intelligence in near real time across trusted partners.
- Coordinate incident response during major cyber events affecting multiple sectors.
Founding industry "Alliance" partners announced in 2021 included Amazon Web Services, Microsoft, Google Cloud, Cisco, CrowdStrike, FireEye (Mandiant), Palo Alto Networks, AT&T, Verizon, Lumen, and others. Federal participants include the FBI, NSA, U.S. Cyber Command, the Office of the Director of National Intelligence, the Department of Defense, the Department of Justice, and sector risk management agencies.
The JCDC was activated in high-profile situations including the response to the Log4Shell vulnerability disclosed in December 2021 and ahead of Russia's February 2022 invasion of Ukraine, when CISA used JCDC channels to push the "Shields Up" guidance to U.S. critical infrastructure operators.
Critics, including some members of Congress and a March 2024 review reported in the trade press, have questioned whether the JCDC has matured beyond informal information sharing into genuine collaborative planning. CISA has since announced efforts to refine membership criteria and prioritize a smaller set of joint plans, signaling an evolution from broad convening toward focused operational outcomes.
Example
In December 2021, CISA used the JCDC to coordinate with Microsoft, AWS, Google, and federal agencies on the response to the Log4Shell vulnerability affecting Apache Log4j.
Frequently asked questions
The Cybersecurity and Infrastructure Security Agency (CISA), part of the U.S. Department of Homeland Security, leads the JCDC. It was launched in August 2021 under CISA Director Jen Easterly.
Keep learning