CISA’s Joint Cyber Defense Collaborative takes major personnel hit

The Cybersecurity and Infrastructure Security Agency’s marquee program for collaborating with the private sector to thwart hackers has been seriously hobbled by the abrupt end of a major contract.

The Joint Cyber Defense Collaborative (JCDC) lost a large number of support personnel on Monday after CISA’s contract with the technology firm ICF expired on July 25, according to three people familiar with the matter, who requested anonymity to discuss internal matters. “JCDC went from 100-plus ICF contractors to 10” after the Department of Homeland Security failed to renew the contract in time, one of the people said.

Another person confirmed the unit lost more than 100 contractors.

The JCDC partners with companies, other agencies and foreign governments to plan for future threats, analyze ongoing attack campaigns and publish defensive guidance. Since its creation in 2021, it has coordinated the government’s real-time responses to major incidents, held tabletop exercises with emerging industries, led detailed risk assessments for critical infrastructure sectors and spearheaded advisories on a wide range of topics.

The JCDC’s loss of its contractors could significantly impede its collaborative work, including undermining its ability to marshal a unified private-sector response to a major cyberattack and reducing its capacity to collect and distribute threat information.

Despite its ambitious remit, the JCDC has only a small federal staff and relies heavily on contractors for its day-to-day work, including unglamorous but vital activities like writing memos and arranging meetings. In particular, contractors “help to facilitate the relationship between CISA and other federal agencies,” said one person familiar with the matter. There are more than 100 agencies, this person noted, and JCDC’s partnerships team only has a few federal employees to manage all of those relationships.

The disruption to the JCDC’s activities comes as CISA tries to stay ahead of increasingly aggressive Chinese state-backed attacks on U.S. critical infrastructure organizations. The JCDC has been serving as the tip of the spear for CISA’s efforts to understand the extent of Beijing’s campaigns.

For now, CISA can use emergency funding to retain the JCDC’s remaining 10 ICF contractors for two weeks, and it can keep renewing that two-week arrangement until the fiscal year ends on Sept. 30, according to one of the people familiar with the matter. But after that, the remaining ICF workers will need to leave.

CISA Director of Public Affairs Marci McCarthy said in a statement that the agency is “laser-focused” on returning to its core authorities and “eliminating waste and saving taxpayer dollars.” McCarthy said CISA is reviewing its contracts “to ensure that all resources committed align with our core statutory mission and the priorities of the administration.” She added that CISA is “taking steps to avoid any operational impact” to its mission, but the agency declined to identify those steps.

JCDC contractor ICF did not respond to multiple requests for comment.

More CISA cyber programs at risk

The ICF partnership is one of many CISA contracts that either recently expired or could soon expire because of Secretary of Homeland Security Kristi Noem’s mandate that her office directly approve virtually all contracts for her $65 billion department. CISA’s contract with Lawrence Livermore National Laboratory to analyze cyber-threat monitoring sensor data lapsed on July 20, and another contract with the lab expired in March.

Other CISA contracts that could expire soon include Peraton’s Cyber Threat Detection Analysis work, Nightwing’s Engagement Support Services work and an arrangement with Sandia National Laboratories to produce defensive tools and risk assessment resources, according to a person familiar with the matter. CISA and the three organizations declined to discuss the contracts or even confirm their expiration dates. The person familiar with the matter said the Nightwing and Peraton contracts would expire at the end of August if not renewed.