Continuous Diagnostics and Mitigation (CDM) Program Manager Kevin Cox said today that all 23 CFO Act agencies covered under CDM are now connected and feeding data to the Federal government-wide cybersecurity threat dashboard.
In June, Cox reported that 20 of 23 agencies were transmitting data to the dashboard, which compiles and consolidates cybersecurity threat information from individual agency feeds.
Cox said on August 30 that the Department of Homeland Security – the agency that runs CDM – had conducted successful tests with the remaining three agencies, and simply needed to iron out technical configurations with the feeds before they were connected. He expected the work to be completed in about month’s time, and it appears DHS has made good on that promise.
“Today, we have all of the 23 CFO Act agencies exchanging data with the Federal dashboard. We have four non-CFO Act agencies as well,” Cox said at an event organized by FCW. He added that DHS is working to upgrade the dashboards across the Federal government, and implement a new scoring algorithm to gauge cyber preparedness.
In connecting the remaining three agencies, DHS has fulfilled a goal referred to as a “critical focus” by Federal CIO Suzette Kent in late August.
Regarding the program as a whole, Cox said that DHS is working to not only expand the areas that CDM provides support to, including cloud and mobile technologies, but also looking to implement more stringent requirements for its vendor supply chain vetting process.
“We’re also working with our security folks within DHS to evaluate many of the products that we’re deploying, to do threat assessments against those, to really make sure that the products that we’re helping get the agencies to make their network secure, are as secure as possible,” he said.
Cox also addressed legislation currently making its way through the Senate after passing in the House early last month, that would codify the CDM program into law.
“What the legislation does is really help get the buy-in across all the agencies to support the efforts of the program,” Cox said. He added that codification will also add an additional level of visibility to the program, although he feels that the level of agency buy-in and collaboration is already very strong.
“I think that’s there already, but it doesn’t hurt to then get it codified in legislation, to continue forward with the many efforts we still have ahead of us, in terms of securing the cloud, securing the data, really getting the agencies the full visibility that they need in order to feel that they have good cybersecurity across their entire environment,” Cox said.