Will CDM finally be ‘the realization of IT security’?


CDM: Government’s defensive coordinator

A key player in the Department of Homeland Security’s Continuous Diagnostics and Mitigation program since its inception in 2012, Betsy Kulick continues to guide the massive enterprisewide network security program that aims to continuously scan federal civilian networks to identify and respond to threats and breaches.

“When we started this program -- make no mistake because then, as now -- the dot-gov federal civilian executive branch networks were and are under attack daily ceaselessly and by a variety of actors,” Kulick, the CDM deputy program manager, said during a recent event showcasing 2020 Federal 100 Award winners. “That was our mission. Then it continues to this day.”

Before CDM, agencies worked to automate continuous monitoring, “but that resulted frequently in lots of different tools within departments and agencies, varying levels of maturity, and a heavy reliance on manual reporting and spreadsheets,” she said.

And the challenge of building a governmentwide security program wasn’t only in coordination of security tools. An equally heavy lift was setting up an acquisition plan that could address the needs of 300 widely disparate departments and agencies in a timely manner. Plus, agencies and government security experts needed dashboards so that “IT security officials to prioritize risk and fix the worst problems first,” she said.

“Amazingly enough, this whole process worked,” Kulick said, and CDM has been evolving as officials gained experience, retooled the acquisition and moved to an ecosystem approach for upgraded dashboards. 

In 2019, Kulick played a key role in developing statements of work for the new CDM Dynamic and Evolving Federal Enterprise Network Defense contracts, ensuring that the shared-services security platform could process the continuous monitoring data received from CDM tools and maturing the program's processes for supply chain risk management.

Eight years in, the CDM program has been able to provide relevant, timely, actionable cybersecurity information to agencies, helping them fortify civilian government data and networks by deploying millions of endpoint sensors and network scanners across agencies.

“Together with our agencies in our industry partners,” Kulick said, “we know we can decrease federal cyber risk to defend our nation's network systems and information and secure them for today and into the future.”

Read about all the 2020 Federal 100 winners here.

About the Author

Connect with the GCN staff on Twitter @GCNtech.


  • Records management: Look beyond the NARA mandates

    Pandemic tests electronic records management

    Between the rush enable more virtual collaboration, stalled digitization of archived records and managing records that reside in datasets, records management executives are sorting through new challenges.

  • boy learning at home (Travelpixs/Shutterstock.com)

    Tucson’s community wireless bridges the digital divide

    The city built cell sites at government-owned facilities such as fire departments and libraries that were already connected to Tucson’s existing fiber backbone.

Stay Connected