Will CDM finally be ‘the realization of IT security’?


CDM: Government’s defensive coordinator

A key player in the Department of Homeland Security’s Continuous Diagnostics and Mitigation program since its inception in 2012, Betsy Kulick continues to guide the massive enterprisewide network security program that aims to continuously scan federal civilian networks to identify and respond to threats and breaches.

“When we started this program -- make no mistake because then, as now -- the dot-gov federal civilian executive branch networks were and are under attack daily ceaselessly and by a variety of actors,” Kulick, the CDM deputy program manager, said during a recent event showcasing 2020 Federal 100 Award winners. “That was our mission. Then it continues to this day.”

Before CDM, agencies worked to automate continuous monitoring, “but that resulted frequently in lots of different tools within departments and agencies, varying levels of maturity, and a heavy reliance on manual reporting and spreadsheets,” she said.

And the challenge of building a governmentwide security program wasn’t only in coordination of security tools. An equally heavy lift was setting up an acquisition plan that could address the needs of 300 widely disparate departments and agencies in a timely manner. Plus, agencies and government security experts needed dashboards so that “IT security officials to prioritize risk and fix the worst problems first,” she said.

“Amazingly enough, this whole process worked,” Kulick said, and CDM has been evolving as officials gained experience, retooled the acquisition and moved to an ecosystem approach for upgraded dashboards. 

In 2019, Kulick played a key role in developing statements of work for the new CDM Dynamic and Evolving Federal Enterprise Network Defense contracts, ensuring that the shared-services security platform could process the continuous monitoring data received from CDM tools and maturing the program's processes for supply chain risk management.

Eight years in, the CDM program has been able to provide relevant, timely, actionable cybersecurity information to agencies, helping them fortify civilian government data and networks by deploying millions of endpoint sensors and network scanners across agencies.

“Together with our agencies in our industry partners,” Kulick said, “we know we can decrease federal cyber risk to defend our nation's network systems and information and secure them for today and into the future.”

Read about all the 2020 Federal 100 winners here.

About the Author

Connect with the GCN staff on Twitter @GCNtech.


  • business meeting (Monkey Business Images/Shutterstock.com)

    Civic tech volunteers help states with legacy systems

    As COVID-19 exposed vulnerabilities in state and local government IT systems, the newly formed U.S. Digital Response stepped in to help. Its successes offer insight into existing barriers and the future of the civic tech movement.

  • data analytics (Shutterstock.com)

    More visible data helps drive DOD decision-making

    CDOs in the Defense Department are opening up their data to take advantage of artificial intelligence and machine learning tools that help surface insights and improve decision-making.

Stay Connected