Tuesday, July 1, 2014
Dan Chenok and John Lainhart explain why CDM is set to play a central role in cybersecurity.

Increased connectivity has transformed and improved access to government – citizens today can connect with government agencies and leaders in ways that were unimaginable just a few years ago.

This connectivity, however, has also increased the importance and complexity of our shared risk.  The ever-increasing number of cyber attacks on federal government networks is growing more sophisticated, aggressive and dynamic. It is paramount that as the government continually provides essential services to the public, agencies also safeguard information from theft and networks and systems from attacks while protecting individual privacy, civil rights, and civil liberties.

In order to provide for effective and efficient information for citizens and businesses online and in real time, agencies are leveraging applications that allow ongoing visibility into threats, vulnerabilities and incidents on their network.  The government’s use of this category of applications is central to the Department of Homeland Security’s Continuous Diagnostics and Mitigation program -- a dynamic approach to fortifying the cybersecurity of computer networks and systems.  The CDM program provides capabilities and tools that enable network administrators to see the state of their respective networks at any given time, understand the relative risks and threats, and help system personnel to identify and mitigate flaws at near-network speed.

DHS established the CDM program to support government efforts to provide adequate, risk-based and cost-effective cybersecurity.  CDM, which is also available to state, local and tribal government entities, provides government stakeholders with the tools they need to protect their networks and enhance their ability to identify and mitigate cyber threats and it provides a path to providing greater intelligence about enterprise security. 

Importantly, CDM also complements the risk-based approach to security that agencies can leverage to ensure a comprehensive program that enables missions while effectively safeguarding assets, leveraging National Institute of Standards and Technology (NIST) guidance for implementation across a broad range of agency activities.

Even with strong efforts across the government, the Government Accountability Office and inspectors general offices report that security continues to be a challenge for Federal agencies. This reinforces the strong support across the federal government for CDM, and its call for more automated and proactive approaches to controlling and protecting federal data and systems – which Departments, agencies and component levels all need to accelerate their move to enterprise security intelligence.

Security and Intelligence

CDM enables agencies to move from a reactive manual approach, which relies on often-heroic human actions to protect Federal data and systems, to one of predictive and automated security analytics, where data and systems are protected by automated decision-making, leveraging the human knowledge to make sound security decisions based on risk, vulnerabilities and consequences.

A holistic, intelligent approach to security, helping organizations combat the increase of cyber attacks, insider threats and advanced persistent threats, provides organizations with enterprise security that most organizations find illusive to date.  This approach relies on an architecture for security intelligence operations that comply with the increase of mandates and Federal regulations.  Such an effort also correlates assets, threats and vulnerabilities to create situational awareness for sound risk management decisions.

To implement this approach, agencies benefit from solutions that can efficiently process billions of events from multiple devices transforming them into actionable incidents based on risk and threat analysis. By doing so, enterprises can actively and accurately predict, prevent, react and remediate security risks in their organization, ultimately achieving a more “intelligent” approach to managing security, which automates and streamlines systems and security management to lower the total cost of managing their IT assets, from securing mobile devices, laptops, desktops and servers – physical or virtual, on or off-network, personally or corporate-owned.

This enterprise strategy for security makes new technologies, such as cloud and mobile, more secure -- especially if coupled with agency actions to assess their security posture, develop a strategy, design a strategic architecture, implement security & privacy controls and manage the solutions.   As this real-time, continuous diagnostics and mitigation approach matures, and is integrated with sustained attention to risk-based approaches to managerial and operational controls -- agencies will be able to more effectively address the challenges of securing their people, data, applications, transactions and infrastructure.


** Image courtesy of David Castillo Dominici at FreeDigitalPhotos.net