Will CDM finally be ‘the realization of IT security’?

VIDEO

CDM: Government’s defensive coordinator

A key player in the Department of Homeland Security’s Continuous Diagnostics and Mitigation program since its inception in 2012, Betsy Kulick continues to guide the massive enterprisewide network security program that aims to continuously scan federal civilian networks to identify and respond to threats and breaches.

“When we started this program -- make no mistake because then, as now -- the dot-gov federal civilian executive branch networks were and are under attack daily ceaselessly and by a variety of actors,” Kulick, the CDM deputy program manager, said during a recent event showcasing 2020 Federal 100 Award winners. “That was our mission. Then it continues to this day.”

Before CDM, agencies worked to automate continuous monitoring, “but that resulted frequently in lots of different tools within departments and agencies, varying levels of maturity, and a heavy reliance on manual reporting and spreadsheets,” she said.

And the challenge of building a governmentwide security program wasn’t only in coordination of security tools. An equally heavy lift was setting up an acquisition plan that could address the needs of 300 widely disparate departments and agencies in a timely manner. Plus, agencies and government security experts needed dashboards so that “IT security officials to prioritize risk and fix the worst problems first,” she said.

“Amazingly enough, this whole process worked,” Kulick said, and CDM has been evolving as officials gained experience, retooled the acquisition and moved to an ecosystem approach for upgraded dashboards. 

In 2019, Kulick played a key role in developing statements of work for the new CDM Dynamic and Evolving Federal Enterprise Network Defense contracts, ensuring that the shared-services security platform could process the continuous monitoring data received from CDM tools and maturing the program's processes for supply chain risk management.

Eight years in, the CDM program has been able to provide relevant, timely, actionable cybersecurity information to agencies, helping them fortify civilian government data and networks by deploying millions of endpoint sensors and network scanners across agencies.

“Together with our agencies in our industry partners,” Kulick said, “we know we can decrease federal cyber risk to defend our nation's network systems and information and secure them for today and into the future.”

Read about all the 2020 Federal 100 winners here.

About the Author

Connect with the GCN staff on Twitter @GCNtech.

Featured

  • 2020 Government Innovation Awards
    Government Innovation Awards - https://governmentinnovationawards.com

    21 Public Sector Innovation award winners

    These projects at the federal, state and local levels show just how transformative government IT can be.

  • Federal 100 Awards
    cheering federal workers

    Nominations for the 2021 Fed 100 are now being accepted

    The deadline for submissions is Dec. 31.

Stay Connected