The future of CDM is in data governance, proactive threat detection
COMMENTARY: The Continuous Diagnostics and Mitigation program has helped to greatly fill in cyber gaps for agencies, but there is always more work to be done.
For government agencies, keeping pace with emerging cyber threats while also maintaining vigilant oversight of existing vulnerabilities is a tall order, especially considering budget constraints and the massive amounts of sensitive data public sector agencies must maintain. Though there is no one-size-fits-all solution for eliminating threats altogether, one effective way to mitigate their impact is transitioning data management to a unified dashboard, where vulnerabilities can be correlated and triaged all at once.
The Cybersecurity and Infrastructure Security Agency’s Continuous Diagnostics and Mitigation program aims to make this approach more accessible to participating agencies by delivering capabilities to improve their overall cyber posture.
Late last year, CISA’s CDM program celebrated its 10-year anniversary. Today, the CDM dashboard is deployed across the federal government, providing agencies with the tools needed to effectively analyze and visualize their security posture, prioritize cyber threats, and improve vulnerability protection.
As threats continue to evolve, it is crucial that the CDM program also evolves to protect against these advanced threats and keep constituents safe. With such a strong foundation established for the CDM program, where can CISA look to improve in the future?
Data services: CDM data sources, integrations, and use cases are constantly in flux. Standardizing on a single approach to data collection, processing, and enrichment will enhance efficiency and data quality while promoting transparency and traceability of the data to its source. Further, additional use cases for both agencies and CISA often require ingesting more data so that it can be correlated and analyzed effectively. Finding a standard approach to data services that still accommodates a dynamic threat environment is key.
Enhance data governance: CDM is not only a cybersecurity discussion, but also a data discussion. Acquiring more high-quality, direct-from-source data and tying customer experiences into data governance will create more positive outcomes ideally suited for public sector agencies. Understanding this data and being able to combine and enrich it with data collected through other CISA programs will be integral to the program moving forward.
Embody a more proactive cybersecurity posture: The move away from a defensive cyber approach will require some degree of integration with threat intelligence sources for the CDM data set. Agencies should consider participating in CDM’s Host Logging Visibility pilot program, implementing recommendations that improve alignment to a zero trust architecture for stronger cyber resiliency, and adopting COTS-based artificial intelligence and machine learning to enable the shift.
Mature cybersecurity supply chain risk management across the government: Assets across the public sector are constantly at risk for cyberattacks. By participating in C-SCRM working groups, agency leaders can share best practices with one another to amplify the impact of the CDM program’s efforts. Agencies can leverage their CDM dashboards to identify software deployed across their networks today and monitor for the prevalence of unapproved software.
How CDM bolsters the work of CISA
So, just how does the CDM’s core schema translate to broader CISA priorities? CISA has worked hard to bolster the cybersecurity of federal agencies by establishing a Joint Collaborative Environment and a CSD Cyber Analytic and Data System (CADS). In addition, CISA continues to expand its portfolio of shared services and emphasize security-by-design.
The CDM program’s value proposition lies in providing analysts with better insight into potential risks and vulnerabilities to inform daily decisions and prioritization efforts. It has helped to greatly fill in cyber gaps for agencies, but there is always more work to be done.
Mandates may begin to pop up that align with CDM goals and can potentially be enforced through the dashboard itself, contributing to the overall goal of improved cyber operational visibility for the federal government.
Improving government cybersecurity and data management practices will not be done overnight. Luckily, agencies can utilize the CDM dashboard to discover more complete data faster and bolster their cyber posture, protecting valuable government resources while aligning with federal requirements. As CISA programs and authorities evolve, this data will be enriched with additional threat intelligence and insight to help promote an all-of-government approach to defense. The CDM program will pave the way for a shift in government thinking surrounding security and visibility — and it’s eager to move forward.
Joanna Dempsey is vice president, cyber solutions at ECS. Bill Wright is head of global government affairs at Elastic.