Agencies are sharing cyber data with CISA, officials say
The Cybersecurity and Infrastructure Security Agency is rapidly expanding its visibility into federal networks under the Biden administration's cybersecurity executive order.
All federal civilian agencies have updated their agreements with the Cybersecurity and Infrastructure Security Agency (CISA) to share object-level data through Continuous Diagnostics and Mitigation (CDM) program dashboards, an agency official told a House panel on Tuesday.
"We are now able to access that necessary data," Eric Goldstein, CISA's executive assistant director for cybersecurity, told lawmakers on the House Homeland Security Committee's Subcommittee on Cybersecurity, Infrastructure Protection. Goldstein said the CDM data access was "critical" for CISA to better understand risk conditions across networks and implement more targeted mitigation techniques.
CISA's access to the data was a feature of President Joe Biden's year-old cybersecurity executive order.
Goldstein added that the agency was in the midst of a "remarkable technology improvement" across the federal CDM dashboard and "getting more agencies onboarded at this point every week," and noted that almost all of the 24 largest agencies are already connected.
"This really is the first time that CISA and federal agencies have had this level of visibility, and we are really excited for how we can use both operationally and….to support our colleagues at [the Office of Management and Budget] and the Office of the National Cyber Director in understanding and measuring federal cybersecurity risk."
Goldstein said CISA had not been met with resistance when it came to the required information sharing aspects associated with the CDM program, in part because agency chief information officers are benefiting from increased visibility into the federal cyber posture.
Goldstein also touted efforts underway to integrate new mobile device management capabilities into the CDM program. Under questioning from Rep. Kathleen Rice (D-N.Y.), Goldstein said he expected to make "significant progress in getting the breadth of federal agencies onboarded into these key tools by the end of this fiscal year."
"This is a key evolution for the CDM program which historically was focused on workstations and servers," Goldstein said. "Of course we know in this new hybrid even remote-first universe we live in, a lot of federal employees are using their mobile devices for a significant volume of agency work and processing important information."
In his prepared testimony, Goldstein also said that CISA has developed an endpoint detection and response (EDR) capability to be fielded to federal civilian executive branch agencies. So far, more than 15 agencies have onboarded commercial EDR capabilities. Goldstein explained under questioning that he expects these capabilities to be in place at 53 agencies by the end of the current fiscal year.
"We have seen great uptake across federal civilian agencies but the work needs to continue. I will look forward to working with Congress on annualizing investments [made] under the American Rescue Plan Act" into the 2023 budget.