This year the Department of Homeland Security’s groundbreaking Continuous Diagnostics and Mitigation (CDM) program moves into its third phase. For the 23 CFO Act agencies that are covered by CDM, including the Department of Health and Human Services, the Department of Defense, and the Department of State, Phase 3 represents a significant step on the path to more robust cyber defenses for the nation’s most critical information and assets. Tom Topping, Senior Director of Strategic Initiatives and Programs at FireEye, shared his thoughts on how federal agencies can prioritize spend to meet the goals of the CDM program and truly bolster security.
DHS’s CDM program is pivotal to improving government cyber security. The CDM program has entered Phase 3, moving from discovery and management of government networks to active defense and response. This phase focuses on monitoring what is actually happening on the network, offering federal agencies the opportunity to significantly advance the capabilities of their cyber security programs.
The contract/task order component of Phase 3, known as Dynamic and Evolving Federal Enterprise Network Defense (DEFEND), includes professional expertise to understand what is happening on networks and effectively respond to security incidents. It’s important to understand that the CDM program is about a lot more than access to better cybersecurity tools. The program also delivers vital training and services, provided by approved contractors.
We’re working closely with agency cyber leaders as they look to meet the Phase 3 requirements:
- Identify integrated solutions to address identified cyber program capability gaps.
- Identify the training and services to support the identified solutions and ensure successful adoption of new capabilities.
- Adopt and leverage actionable cyber intelligence to improve protection, event identification, response, and recovery.
- Establish as-needed, on-demand, cyber security surge capabilities to easily address urgent skill shortages during event responses.
The specific process through which these tools and training can be delivered through CDM is known as a Request for Service (RFS). An RFS can cover both products and services. It needs to explain what the agency is trying to accomplish and map that security objective back to CDM Phase 3 requirements. Products and services identified in an RFS must be on the CDM Approved Products List (APL) to qualify for possible off-setting funding from DHS.
We have been helping government customers mature and streamline their cyber operations for over a decade. This support includes working with many agencies to successfully manage the RFS process, including identifying cybersecurity vulnerabilities and aggregating the necessary RFS documents for agency leadership review and subsequent submission.
We recommend that agencies use the RFS process to:
- Reassess, and then reprioritize, their current security gaps in alignment with the CDM Phase 3 requirements.
- Acquire expert services to:
  - Redesign, implement, and optimize cyber workflows
  - Conduct advanced training on new solutions
  - Establish regular attack simulations
- Acquire access to highly skilled cyber experts in an “on-demand” fashion.
What has been demonstrated through the first two phases of the CDM program is that, with the appropriate guidance from both the Department of Homeland Security and private sector partners, agencies are able to build robust cyber defenses. With some research, planning, and judicious use of the RFS process, the outcomes of Phase 3 will be as successful as the first two phases. With the right mix of tools and training, agencies will not only be able to clearly understand what is happening on their network, but also quantifiably validate whether their controls are protecting critical assets as intended.
A version of this article was previously published on FireEye’s blog.