ECS last week delivered the first version of the new Continuous Diagnostics and Mitigation (CDM) dashboard for Federal agencies to the CDM program’s systems integrators, said Joanna Dempsey, Director of Cyber Solutions at ECS. Dempsey spoke on an April 28 MeriTalk webinar, “The Next-Gen CDM Dashboard: Real-Time Cybersecurity Insights.”
The delivery of the minimum viable product (MVP) dashboard is a major step in establishing a new cyber analytics ecosystem for civilian agencies. ECS runs the CDM Dashboard II program under the Department of Homeland Security’s (DHS) CDM program – the largest cybersecurity initiative for Federal civilian agencies. The program provides capabilities and tools to help agencies identify cybersecurity risks, prioritize risks based on impact, and mitigate the most significant problems first.
The systems integrators working on the latter stages of the CDM program – called Dynamic and Evolving Federal Enterprise Network Defense, or DEFEND – are working with the new dashboard in their labs, and they will be working with early adopter agencies on pilot implementations in April, May, and June, Dempsey said.
The agency dashboard aggregates data collected from tools and sensors across an agency, after it has been normalized by the systems integrators, so the agency has an enterprise-wide view of cyber risk. The MVP agency dashboard ingests agency data and applies simple visualization to enable users to verify the data.
With the initial release of the dashboard, DHS and ECS want to “get back to basics,” Dempsey said, simplifying the dashboard functionalities and then maturing them based upon feedback from agencies and DEFEND integrators. ECS also wants to provide transparency into the data.
“We feel that [transparency] is critical for fostering trust in the data and understanding the data,” Dempsey said. Agency users will be able to click on a visualization and drill down to see the underlying data. “If you disconnect visualizations from the underlying data, you are introducing questions that the dashboard can’t answer, and it creates trust issues. We want to make sure we are providing that transparency,” she said.
By the end of fiscal year 2020, ECS plans to release the MVP of the Federal dashboard, which presents an enterprise view across all civilian agencies. By the end of calendar year 2020, ECS expects to have the Federal dashboard deployed at DHS and will be working with agencies to reestablish their connections to it.
Joining Dempsey on the webinar were Bernard Asare, Senior Cybersecurity Advisor in the Department of Health and Human Services Office of the Chief Information Security Officer, and Matt Campbell, Regional Vice President for Civilian Agencies at Elastic. ECS is partnering with Elastic to implement the new dashboard. The dashboard draws on Elastic tools including Elasticsearch, a distributed, open-source search and analytics engine, and Kibana, an open-source analytics and visualization platform designed to work with Elasticsearch.
Asare said he’s excited for the improvements the new dashboard will bring over the previous iteration, which was unable to scale to ingest the volume of data coming from cyber tools at HHS’s 12 operational divisions. In addition, HHS had to stand up three additional dashboards to get an enterprise view of its cyber risk.
“Imagine my surprise when Elastic shows up and they use the term ‘dashboard ecosystem.’ That tells me there are various parts that they are baking into the solution to make this work,” Asare noted. “Elastic is talking to our [DEFEND] integrator before they come to us, and they are receiving our feedback as well. So I feel like we are involved in the decision-making progress and how this dashboard is going to be put in place for us.”
One of the near-term objectives of the new dashboard is to move more quickly, Campbell noted.
“Instead of a batch rollup procedure, we want to be able to ingest and analyze [data] in near real time – in under a second … so you can take action right at that point in time,” Campbell said. “From a CDM architecture perspective, Elastic is extremely well positioned to be a data integration hub because of our speed and scale – not just with data ingest, but being able to get data into a common schema.”
ECS adopted the Elastic Common Schema for the dashboard. The schema standardizes data from diverse sources into a common set of document fields. As a result, the data can be used for visualizations and machine-learning algorithms, Campbell noted.
Dempsey invited agencies and DEFEND systems integrators to provide feedback and suggestions for the dashboard by emailing email@example.com. The full webinar is available on MeriTalk.com. On May 11, look for new research from MeriTalk, “CDM: The Next Chapter.”