NDAA requires intelligence agencies to study creation of cyber collaboration program

Key federal agencies in charge of intelligence and cybersecurity will be required by the upcoming National Defense Authorization Act (NDAA) bill to study how to build a new cyber information collaboration environment to enable government and industry to better mitigate malicious cyber activity.

The leaders of the National Security Agency (NSA) and Cybersecurity & Infrastructure Security Agency (CISA) will be required by April 30, 2023, to conduct a study and brief relevant Armed Services Committees in Congress regarding how Department of Defense components and entities, such as the NSA, can support the development of a “cyber threat information collaboration environment program,” the NDAA 2023 bill stated.

The NDAA highlighted that the creation of such a program needed to be studied because “we note that the need for government and private sector stakeholders to be able to share and consume cybersecurity-related information on a single platform, or at least achieve interoperability across the information technology systems used for situational awareness and threat assessment, remains as urgent as ever.”

The inclusion of the language in the NDAA comes as cyber threat information sharing with the private sector remains a top priority for the intelligence community and the Defense Department.

In 2020 the National Security Agency launched the Cybersecurity Collaboration Center (CCC), which providers an unclassified environment in which critical infrastructure owners, elite private sector threat analysts and others are able to share data with the IC.

Late last month, in an interview with FedScoop’s sister publication CyberScoop, the director of the CCC set out recent progress at new department as it seeks to bring NSA cyber analysts closer to outside threat hunters.

“No guns, no guards, no gates,” CCC Director Morgan Adamski told CyberScoop. “We want to have a very friendly environment.”