Phase One of the Continuous Diagnostics and Mitigation broad purchase agreement (CDM BPA) issued by the Homeland Security Department is moving along, but it has introduced some complexities that CIOs and cybersecurity offices have to navigate.
Panelists at FedScoop’s cybersecurity summit said that many agencies already had some of the capabilities covered in Phase One, but now have to figure out how to integrate them with the tools and sensors included in the BPA.
Matt Brown, VP-Homeland Security, Knowledge Consulting Group, said federal IT and cybersecurity professionals will need to keep their existing security infrastructure in place for a while. It will take up to a year to get the sensors in place, so “keep what you have in place and keep it current,” he said.
Nor is it just about the technology. Panelists agreed organizations face a major cultural shift.
“Most departments and agencies have some level of [cybersecurity] infrastructure in place,” Brown said. In some organizations it is handled by the IT shop, while in others there is a dedicated cybersecurity office, he said. “CDM is going to blur those lines … [T]hat’s going to really change some of the communications lines between the security office and the IT operations office.”
Whether it’s an organizational chart change or roles and responsibilities change, managers have to think through how that will affect operations, Brown added.
Martin Stanley, DHS’ Cybersecurity Assurance Branch Chief – Federal Network Resilience, said implementing CDM will help ease rivalries between the two functions.
“What we’re talking about here is fundamental to moving that risk-based understanding from the rear view mirror,” based on events that have already occurred, he said. CDM will enable “some real data-driven decision making, and that’s the kind of thing that will bridge that gap, that adversarial relationship, because you’ll be talking about facts and specifics.”
Stanley said the CDM BPA already is having positive effects beyond cybersecurity.
“The FedSim BPA has already resulted in significant savings on the [GSA’s] Schedule 70 pricing,” he said. “What we’re seeing as a result is other delegations of procurement authority being exercised … to acquire tools and sensors independently through this vehicle.”
Another potential long-term benefit might help ease the government’s challenges in recruiting and retaining tech professionals.
“One of the things I think is great about the CDM program is how it’s really standardizing the capabilities and requirements of the federal technology infrastructure,” Brown said. As a result, those working with CDM tools and sensors in one agency should be able to move to almost any other agency and be able to contribute very quickly, rather than facing a steep learning curve.