Seven years ago, the Department of Homeland Security (DHS) introduced the Continuous Diagnostics and Mitigation (CDM) program to enable federal agencies to build better defenses against cyber threats and become more resilient in the face of attacks. While many government initiatives get a bad rap for falling short of their original intent, or simply failing, the DHS CDM program has been highly successful.
A recent survey by MeriTalk found that federal and industry stakeholders overwhelmingly consider the program a success. Based on interviews with 160 CDM stakeholders, over 85 percent responded that CDM had improved the federal government’s cyber security capabilities. While the initial successes have been impressive, the majority of respondents were clear that continued success is dependent on continued investment in the program.
A closer look at the survey findings reveals, however, that there are some sharp divisions between the perspectives of federal agencies and the contracting community, particularly over the speed of the CDM program rollout and whether the focus going forward should be on high-value environments (agency) or broader solutions (contractor).
Fewer than a quarter of industry respondents (24 percent) think the CDM program is being rolled out in a timely fashion and only slightly more (27 percent) are confident that the CDM program is keeping up with the changing cyber security landscape. This is in comparison to nearly half (49 percent) of agency respondents answering that the CDM program is moving at an appropriate pace and over half (56 percent) replying that CDM is keeping up with the evolution of the threat landscape.
What is at the heart of this divergent view regarding the pace of change and the ability of the CDM program to keep pace with the evolution in cyber threats? According to CDM expert Tom Topping, Senior Director of Strategic Initiatives and Programs at FireEye, the difference comes down to perspective. “Everyone wants successful programs, like CDM, to go faster. I interpret the differences as: industry comparing the pace of change to what industry is capable of and the government responders are comparing the pace of change to what government is capable of,” he shared.
“That everyone agrees that CDM is successful, is terrific. That the administration is continuing to improve and support CDM, is even better. Phase 3 DEFEND will bring even more visible and impactful improvements to agency cyber capabilities; that’s best of all,” Topping added.
To keep pace with cyber adversaries, agency defenders must first have the ability to know three things: what’s on their network, who’s on their network, and what’s happening on their network. As Topping noted, “while it might be true that the CDM program, as it is today, is not fully keeping pace with the evolving threat landscape, the three phases are building the necessary foundation that will enable agencies to most effectively identify, detect, respond, and recover.”
Because Topping works closely with Executive Branch agencies to identify what is happening on their networks, he is able to share one of the most comprehensive views of the threat landscape. “In our role where we’re working with both private sector clients and government agencies, we see, perhaps the broadest picture of the threat landscape,” Topping shared. “It’s incumbent upon the vendor and contractor community to share this broad perspective and data with our agency partners and collaborate with them so they can continue to build robust defense capabilities. And this is exactly what Phase 3 of the CDM program is designed to do.”
Phase 3 of the CDM program, known as Dynamic and Evolving Federal Enterprise Network Defense (DEFEND), includes professional expertise to understand what is happening on networks and effectively respond to security incidents. “Successful cybersecurity programs are never just about tools,” said Topping. “It was the right choice to include vital training and other advanced cyber services to enable the transformation and lock in the new tools, methodologies, and workflows.”
Topping is also confident that DEFEND will continue to have a significant and timely impact on the continued success of the CDM program. “Successful cybersecurity programs are never just about tools,” said Topping. “It was the right choice to include vital training and other professional development services that have been developed by approved contractors and I am confident that DEFEND will have a significant and timely impact on the continued success of the CDM program.”
With the entire cybersecurity community clearly aligned on both the importance of the CDM program and the merit of its goals, it’s clear that the core work of Phase 3 will address many of the concerns highlighted in the recent survey. “Government and industry have an excellent track record of working together through the first two CDM phases,” Topping concluded, “and it’s easy to foresee this combined team building upon the strong foundations laid by the first two phases of CDM.”