CISA's new JCDC worked as intended, witnesses say at Senate hearing on Log4Shell bug

Written by
Feb 8, 2022 | CYBERSCOOP

Changes in federal cybersecurity leadership over the past year allowed the private and public sectors to quickly work together in responding to the disclosure of the Log4shell bug last month, experts said Tuesday at a Senate hearing.

Witnesses at the Homeland Security and Governmental Affairs Committee hearing praised the usefulness of the Joint Cyber Defense Collaborative, a new center launched by the Cybersecurity and Infrastructure Security Agency in August to help federal agencies, the private sector and state and local governments collaborate on cyberthreat response.

“Its structure provided a body to scramble a snap call on Saturday afternoon after Log4shell emerged to allow industry competitors act as partners with the government to share raw situational awareness and we must continue building upon this partnership,” said Jen Miller-Osborn, deputy director of threat intelligence at Palo Alto Networks’ Unit 42.

The witnesses warned that the fallout from Log4shell — a vulnerability in the widely used Apache open-source logging tool Log4j — is likely far from over. Committee Chairman Gary Peters, D-Mich., convened the hearing with the hopes of helping to head-off the next Log4j-level disaster.

“The weaknesses in Log4J is just one example

Read More: