The Department of Homeland Security’s flagship program for improving federal agencies’ cyber security has moved into its next phase, CDM DEFEND. This expanded implementation plan is part of the National Cyber Strategy, released by the Administration in September 2018.
The Continuous Diagnostics and Mitigation (CDM) program has moved from discovery and identity management to active defense and response – focusing on monitoring what is happening on the network and providing agencies the tools, training and services to significantly advance their cybersecurity programs’ capabilities.
“[S]ituational awareness is really what CDM is all about,” Federal CISO Grant Schneider said at MeriTalk’s CDM Central event in October. By monitoring network traffic and events, CDM gives cyber security professionals a stronger ability to respond effectively to incidents.
CDM’s current contract/task order, Dynamic and Evolving Federal Enterprise Network Defense (DEFEND), sets out requirements that agencies must fulfill. These include the ability to:
- Identify integrated solutions to address identified cyber program capability gaps;
- Recognize the training and services needed to support those solutions and ensure successful adoption of new capabilities;
- Adopt and leverage actionable cyber intelligence to improve protection, event identification, response, and recovery;
- Establish as-needed, on-demand cyber security surge capabilities to provide agencies a way to address urgent skill shortages during incident responses.
Schneider said the goal of CDM is to provide agencies with knowledge of “what we have today, … what is in our environment, [and] what are users doing,” which are all essential to protect government data at the data level. DEFEND bolsters this by establishing capability requirements in such areas as boundary protection; event management; operate/monitor/improve; and design/build-in security.
Maria Roat, CIO for the Small Business Administration, said her agency – the smallest of the 24 governed by the CFO Act – is meeting CDM requirements with cloud-based tools because they are more cost-effective for her budget constraints. “It’s about the intent of CDM,” Roat said. “I can see our entire footprint, across the enterprise for all my users, wherever they are.”
Tom Topping, Senior Director of Strategic Programs at FireEye, said that because every agency’s infrastructure and threat profile is unique, being able to lay out an agency’s CDM needs via the Request for Services process is essential. “The Request for Service process is highly effective at helping agencies assess and prioritize their current security gaps, align with the DEFEND requirements, and acquire expert services to facilitate the successful adoption of the new technology and processes. It’s clear that a major component of CDM’s success is the flexibility it provides to each agency to determine what is going to work best for their situation and needs. Roat and her team at the Small Business Administration are a perfect example of this.”
As the nation’s cyber adversaries become more sophisticated in their attacks on data and more determined in their efforts to disrupt networks, the capabilities laid out in the CDM program have never been more important. By working with the CDM program office and with trusted partners, what could easily be an overwhelming experience is instead a clearly laid out path to success, no matter the agency’s size or mission.