DHS to launch federal cyber dashboard next month
- By Matt Leonard
- Sep 25, 2017
The Department of Homeland Security plans to stand up a federal dashboard next month that will provide cybersecurity data from agencies that have operating sensor networks and internal dashboards.
This will be the next step in a years-long effort to implement continuous diagnostics and mitigation within the federal government, Jeanette Manfra, the assistant secretary in DHS' Office of Cyber Security, said at a Sept. 25 conference hosted by the Professional Services Council.
A number of agencies already have their cyber dashboards up and running; sensor networks monitor the network traffic and can determine if anything malicious is trying to make its way in. One of the original reasons for building these dashboards was to be able to collect data required by the Federal Information Security Management Act, but they also can provide day-to-day operation.
“It helps agencies really have a better sense of their network,” Manfra said.
These agency-level dashboards will feed into the larger federal dashboard to be launched next month. If there is a known vulnerability on a server then the dashboard will allow users to look up what other agencies are running the type of servers, reach out to them and let them know about it.
WannaCry, a ransomware attack that affected people across the world, was a good example of how this could work, she said said. While the federal dashboard wasn’t up and running when the attack occurred, there were agencies that had visibility into their networks. Those agencies were able to pull data from these dashboards and provide information on what people should be patching, Manfra told GCN.
By constrast, when Heartbleed was an issue a few years ago federal CIOs had to jump on the phone and try to get information. A federal dashboard takes away the need for these emergency conference calls. Instead, DHS can provide the information directly to the people who need it.
There also will be an algorithm built into the dashboard that can produce a risk score. Each agency can then decide how much risk it is willing to accept, and DHS will be able to push out updates to agencies based on their risk thresholds.
Matt Leonard is a former reporter for GCN.