In 2012, the Office of Management and Budget listed 14 cross-agency priority goals as part of the Government Performance and Results Modernization Act. One topic identified was continuous monitoring of Federal IT networks. The next year, the Department of Homeland Security (DHS) announced a $6 billion program to address this: the Continuous Diagnostics and Mitigation (CDM) program.
The goal of the program was to provide Federal agencies with the tools to identify and address cyber threats, and it is designed to roll out in four phases. Each phase addresses ways to establish a system to continually monitor the network and identify and target threats. Phase 1 seeks to find out what devices are on a network; phase 2 asks which persons are on a network; phase 3 examines what information is getting in through a network; and phase 4 deals with data protection capabilities. Only phases 1 and 2 are underway.
Four years after its launch, DHS’s CDM program released phase 3, which, according to Kevin Cox, CDM program manager, addresses broader goals than the previous two phases.
While technology will still be an important facet of phase 3, Cox noted that there will also be an emphasis on the processes agencies use when managing cyber threats.
As an extension of phases 1 and 2, phase 3 will include standardization of incident responses. When the agency CDM dashboards launch later this summer, departments will be able to view their own cybersecurity issues in order to track their progress resolving them. Through the dashboard process, agencies will be able to connect incidents with certain devices, and communicate their findings to DHS’s National Cybersecurity and Communications Integration Center.
“Now that tools are in place, we’re starting to work with data from tools to help agencies with cybersecurity reporting and incident reporting,” Cox said.
The agency dashboards will ultimately be joined by a Federal dashboard, which will be located at DHS’s National Cybersecurity and Communications Integration Center. The Federal dashboard will offer a portal through which all agency dashboards are visible. The dashboards will help agencies track activity over time and provide indicators of suspicious behavior on networks.
Ryan Gillis, vice president of cybersecurity strategy and global policy for Palo Alto Networks, said during an exclusive Q&A with MeriTalk that the successful launch of the Federal dashboard remains to be seen. Palo Alto Networks’ recent CDM whitepaper noted that the company has included CDM capabilities in its Next Generation Security Platform to identify and report on cyber threats, and to integrate with key capabilities for security automation and improved detection and correlation.
“I think it will remain a focus; however, it remains to be seen as to whether or not they accomplish this goal,” Gillis said. “There is a lot that we’ve seen over the last 10 years in regard to CDM and EINSTEIN deployments–but there is a new set of circumstances and challenges with the turnover in personnel and ushering in of a new administration that impact the complex deadline of deploying the dashboards by 2017.”
Gillis said that, as with any large government acquisition vehicle, CDM poses some challenges. For example, agencies must determine how to optimize their existing cyber tools and best align and complement them with what CDM has to offer. Another challenge is maintaining an appropriate technology refresh cycle in order to keep up with emerging tools and technologies.
He said DHS’s willingness to examine new technology—rather than remain set on “one static solution”—is helpful for agencies.
“Agencies are trying to drive as much harmonization as possible between what they’re getting through CDM, what they’re deploying themselves and how that all functions together,” Gillis said.
The CDM program extends to dozens of agencies. However, Cox identified a few best practices that agencies have displayed across the board. He said, from a process standpoint, some agencies have excelled in setting up a governance structure within their components. A cohesive governance structure helps agencies use their CDM data to improve their cyber posture, according to Cox.
Cox said the agencies that make the most of CDM use technology to its full capacity, rather than just basic capabilities.
“Agency leadership is seeing the outcomes of tools. We’re starting to see buy-in even more from the political side. At the end of the day, leadership needs visibility on these assets and how well these assets are secured,” Cox said. “People have the information to do the reporting needed.”