A plethora of still-developing advanced technologies – plus new systemic approaches that recognize the growing dominance of cloud and managed services – will be key drivers of security improvements for Federal agencies several years from now as they continue to implement the Continuous Diagnostics and Mitigation (CDM) program.
That’s the broad predictive sentiment from a sampling of many of the most important private-sector players supplying technology and services through the Department of Homeland Security’s CDM program.
MeriTalk asked industry: “Given the inevitability of rapid technological change and improvement, how different may the nuts and bolts of the program and its mission look seven years from now?” That future-focused query is a follow-up to our reporting earlier this month that asked the industry to rate agency demand for CDM services at the seven-year mark of the program that began in 2012.
Ten CDM industry respondents – Tenable, Zscaler, Splunk, Elastic, Forcepoint, Forescout, Broadcom, ManTech, RedSeal, and Trustwave – broadly agreed that the while the CDM program’s mission of promoting better Federal agency cybersecurity would remain unchanged, the tools and approaches to getting to that goal may be in line for rapid evolution.
On the technologies side, many industry players flagged the growing importance of artificial intelligence (AI) and robotic process automation (RPA) technologies to help in the CDM mission. And on the infrastructure front, many agreed that increased adoption by Federal agencies of cloud services will pave the way for increased use of managed security services that can move agencies closer to the goal of better security.
These and similar themes will be touchpoints for expert discussion at MeriTalk’s CDM Central: Navigating the Cyber Roadmap event on October 10, followed by MeriTalk’s Cyber Smoke Federal IT networking event.
In their own words (subject to light editing), here is how the industry players envision the CDM program seven years from now:
Christine Carberry, Vice President-Federal Business Unit at RedSeal: “Nobody is going to have the exact answer to how things are going to evolve. However what we are seeing is more and more adoption of cloud-based products and putting applications in the cloud that need to be secure. Having your SDN (software-defined networking), your cloud environment, your physical environment visible to you so you have awareness of how everything is connected will only become more important. Having that visibility of how all of those cloud components are connected is something that is becoming more important than it was years ago. When the program began in 2012, the shift to cloud and SDN was not really underway, but six years from now it will be ubiquitous.”
Adilson Jardim, AVP of Sales Engineering, Public Sector, at Splunk: “There are two dimensions to this question. The first focuses on understanding the existing assets, inventory and posture. The inner workings of this will change gradually as agencies upgrade and refresh applications, hardware and infrastructure. Most will be gradual changes. The second focuses on IT modernization and the accelerating pace of adoption of cloud-based services. This is where we see the greatest amount of evolution, as vendors and innovators can do so much more to deliver innovation to customers. But in order to benefit from this innovation, agencies should consider how data in the CDM platform can identify which applications and patterns that can provide insight into the best migration targets. For example: what applications are out of date or under-utilized? What mission services would benefit from a cloud-based service with minimal disruption? With the success of the FEDRAMP program, agencies can rely on an ever-increasing number of Cloud Service Providers to consider. As this continues, the CDM capacity will evolve to include a much more diverse set of on-premise, cloud-based and hybrid capabilities.”
Jodi Kohut, Director of Partners and Programs at Broadcom: “The mission will likely not change, as the government will want to maintain a continuous view into the security posture. As technology evolves, we expect that the government will leverage the best of artificial intelligence, machine learning, as well as the underlying network components to enable a predictive, responsive, and automated context aware security boundary.”
George Young, Vice President of U.S. Public Sector at Elastic: “It is impossible to know exactly how threat vectors will evolve over the next seven to ten years. New tools and more sophisticated sensors will be developed to address emerging risks, but what will remain the same is the foundational need for scalable search technologies. The program will continue to embrace a more proactive posture for threat detection and prioritize the ability to conduct targeted searches within enormous datasets to identify anomalies and remediate attacks. This will be critical to staying one step ahead of adversaries. Combining search technologies with rapidly evolving machine learning tools will continue to streamline automation and free up security teams to focus their human intelligence on the most pressing risks. We also anticipate that transparency in the code base for cybersecurity solutions will become the norm, with a focus on reducing the attack surface by eliminating individual tools and moving to more multi-disciplined platforms.”
Erik Floden, Director of Global Strategic Alliances at Forescout: “CDM’s mission is closely aligned to the Federal government’s requirements to identify and mitigate risk and will as a result likely remain consistent over time. The nuts and bolts of how the program delivers tools and services to agencies in the future is less constant and there are two big future variables. The first is if and how quickly agencies consume CDM offerings as a managed service, especially medium and larger-sized agencies. The second is fundamental to the success of the program, and that is whether the agencies are successful at using the CDM tools and services DHS provides to identify and mitigate risk. The pace with which agencies can reduce their identified risks and improve the security of their enterprise will be crucial.”
Eric Trexler, Vice President, Global Governments and Critical Infrastructure, at Forcepoint: “A 2018 Forcepoint survey on the state of CDM found many fundamental challenges were slowing agencies’ progress in meeting CDM goals and these still hold true today despite the CDM Programs best efforts. While progress is happening, and Group F agencies are entering the program and funding requests for CDM continue to rise, many agencies are moving forward too slowly with methodical planning of next steps for their agency. Adversaries are outpacing agency’s best efforts to keep up, a new security approach is required.”
Chris Jensen, Public Sector Business Development Manager at Tenable: “It certainly seems like the program’s lifespan will continue well beyond the performance periods of the current task orders. Both the House and Senate have introduced legislation to codify and expand the CDM program. In addition, CISA (Cybersecurity and Infrastructure Security Agency) has been granted additional authority by the White House to serve as the federal ‘Quality Service Management Office’ for cyber and to issue Binding Operational Directives which will allow the agency to continue to adapt and evolve the CDM program as needed in the years ahead. The primary ‘nuts and bolts’ theme will be shared services, and consolidation in general. From day one, CDM has been an effort to bring all federal agencies up to a consistent standard of cybersecurity. Achieving that consistent standard in the future requires more consolidation, integration, and centralization of the federal enterprise, as defined and implemented by CISA. CISA’s influence will also drive the scope of the CDM program, as the whole of our nation’s critical infrastructure, which includes Operational Technology, such as Industrial Control Systems (ICS), is brought under the CDM umbrella.”
Stephen Kovac, Vice President of Global Government and Compliance at Zscaler: “One possibility is that CDM could become a SaaS-based repository of threat data, still providing tools and dashboards and sharing insights from the collected data to agencies in real time. Instead of the CDM program collecting data through deployment of their infrastructure, in the future they might rely on data collected from the cloud service providers without the cost or challenges of having to deploy CDM-owned hardware and systems. The program’s primary role in this model would be to serve as a massive security data warehouse and threat analysis and alert system, integrated into a multi-functional vendor-agnostic dashboard that provides security situational awareness in real time.”
Seana McMoil, Senior Executive Director & Branch Manager, National Cybersecurity Programs, at ManTech: “ManTech was one of the first companies chosen to deploy CDM, thus our cyber team has extensive CDM experience across the federal landscape. We know that technology will change, as will security risks. New technologies and innovations, like robotic process automation, are continuing to be developed or matured to address security risks and empower cyber teams. We are invested in ensuring that agencies are well positioned to mitigate the risks present in the changing threat landscape. Our tool-agnostic approach ensures that we are continually evaluating and introducing innovative solutions to our stakeholders to safeguard federal agencies from evolving cyber threats.”
Bill Rucker, President of Trustwave Government Solutions: “The players may change but the game remains the same – protect the agency mission at all costs and what could put it at risk – THE DATA. With the threat landscape that is ever evolving, so too must the technology to defend against adversaries. We constantly face attacks from cyber criminals and nation states with growing sophistication especially in their ability to evade detection or bypass defenses with rudimentary social engineering. As data continues to grow at exponential rates and attack vectors are created through Internet of Things and new applications added to environments, the ability to detect faster will be crucial. Trustwave’s investment in AI, machine learning, and SOAR (Security Orchestration, Automation, and Response) in our continuous monitoring solutions has been critical to our innovation and staying ahead.”
