In the year since the OPM breach, federal agencies have made significant strides in their cyber security postures. One of the key tools that has helped move agencies – including the Department of Homeland Security (DHS) and the Department of Commerce – toward a proactive cyber security posture is continuous diagnostic and monitoring (CDM). In a recent Federal Executive Forum roundtable hosted by Jim Flyzik on Federal News Radio, government and industry IT leaders sat down to discuss best practices for continuous monitoring.
Mark Kneidinger, Director of Federal Network Resilience at the Department of Homeland Security, shared that over the last year 97 percent of government agencies have entered phase 1 of CDM compliance and have started closing the gaps in their cyber security postures. One of the most important elements for the success of CDM that he identified is collaboration – at the people level, but also at the contracting level. Between the BPA that enables agencies at all levels of government – including state, local, and tribal governments – to purchase CDM tools at a cost savings, and the shared services model initiated by DHS, many of the obstacles that normally stand in the way of smaller agencies implementing sophisticated solutions have been removed. Moreover, Kneidinger noted that collaboration goes beyond contracting vehicles and that DHS has made collaboration at the “people level” a priority, to ensure it both listens to and communicates with all agencies and incorporates their insight into a larger body of knowledge that can be shared.
So while the collaborative approach to implementation and execution is certainly different, what makes CDM different from other cyber security tools and methodologies? According to Rod Turk, Chief Information Security Officer for the Department of Commerce, CDM is like a “bucket of [security] tools that work together so that you’re no longer operating in an ad hoc or uncoordinated” manner. He noted that “CDM has allowed Commerce to take care of the low hanging fruit and…concentrate on higher order security issues.”
In essence, CDM allows agencies to create a baseline of their security posture, identify where the vulnerabilities are, and, with the right tools, also identify which systems, applications, or tools are not reporting. Then, with that baseline established, agencies are able to patch the vulnerabilities quickly and completely and develop reliable and repeatable processes. CDM produces compliance that can be verified in real time on an ongoing basis, rather than assumed compliance between annual FISMA audits.
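The baseline-and-compare loop described above is simple enough to sketch in code. The following is an added example, not code from the article or from any CDM tool vendor; it assumes a constructed baseline inventory (asset id to minimum patch level) and a constructed list of agent check-ins, and shows the three outcomes a continuous-monitoring dashboard cares about: assets that match the baseline, assets with a patch gap, and assets that have gone quiet (the blind spots that annual audits never surface). It also flags check-ins from devices the baseline does not know about.

```python
"""Toy continuous-monitoring evaluation (added example, constructed data).

Each asset in the baseline should have a fresh agent report whose patch
level meets the minimum.  Assets with no fresh report are 'non-reporting',
which is treated as a finding in its own right rather than as 'no news'.
"""
from datetime import datetime, timedelta

# Constructed baseline: asset id -> minimum acceptable patch level.
# All names and numbers are hypothetical.
BASELINE = {
    "web-01": {"min_patch_level": 12},
    "db-01": {"min_patch_level": 12},
    "hr-app": {"min_patch_level": 9},
    "legacy-fs": {"min_patch_level": 7},
}

# Constructed agent check-ins as collected by a central server.
# "legacy-fs" never checks in; "rogue-ap" checks in but is not in the baseline.
REPORTS = [
    {"asset": "web-01", "reported_at": "2016-06-01T08:55:00", "patch_level": 12},
    {"asset": "db-01", "reported_at": "2016-06-01T09:10:00", "patch_level": 11},
    {"asset": "hr-app", "reported_at": "2016-05-28T07:00:00", "patch_level": 9},
    {"asset": "rogue-ap", "reported_at": "2016-06-01T10:30:00", "patch_level": 1},
]


def latest_reports(reports):
    """Reduce a stream of check-ins to the newest report per asset."""
    latest = {}
    for report in reports:
        seen_at = datetime.fromisoformat(report["reported_at"])
        asset = report["asset"]
        if asset not in latest or seen_at > latest[asset][0]:
            latest[asset] = (seen_at, report)
    return latest


def evaluate(baseline, reports, now, max_age=timedelta(hours=24)):
    """Classify every baselined asset; also list devices outside the baseline."""
    result = {"compliant": [], "out_of_baseline": [], "non_reporting": []}
    latest = latest_reports(reports)
    for asset, required in sorted(baseline.items()):
        entry = latest.get(asset)
        # No report, or a stale one, is a monitoring gap, not a pass.
        if entry is None or now - entry[0] > max_age:
            result["non_reporting"].append(asset)
            continue
        seen_at, report = entry
        if report["patch_level"] < required["min_patch_level"]:
            result["out_of_baseline"].append(asset)
        else:
            result["compliant"].append(asset)
    # Devices that report but were never baselined are unknown inventory.
    result["unknown"] = sorted(set(latest) - set(baseline))
    return result


def run_example():
    """Evaluate the constructed data at a fixed 'now' (2016-06-01 12:00)."""
    return evaluate(BASELINE, REPORTS, datetime(2016, 6, 1, 12, 0, 0))


if __name__ == "__main__":
    for category, assets in run_example().items():
        print(f"{category:16s} {', '.join(assets) or '-'}")
```

With the constructed data, `web-01` is compliant, `db-01` is one patch level behind, `hr-app` and `legacy-fs` are non-reporting (one stale, one silent), and `rogue-ap` is an unknown device. Running this on every collection cycle, rather than once a year, is the difference between verified and assumed compliance that the paragraph above describes.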
As Ralph Kahn, Vice President of Federal at Tanium and Federal Executive Forum panelist, cogently noted, “automation is critical to securing the network; in fact it’s the only way to survive. You have to stop defending manually against automated attacks.”
Are you interested in learning more about how to automate the hunt to find Indicators of Compromise quickly and remediate before damage is done? You can download a 5-step guide here.