Research Report

Facing Down Cyberthreats with CDM

The Department of Homeland Security’s Continuous Diagnostics and Mitigation (CDM) program was first launched several years ago—a major push to strengthen the overall security of government IT. Events of the past year have only increased pressure for a faster rollout. There were several sophisticated attacks on government agencies this year. The most damaging was clearly the one suffered by the Office of Personnel Management (OPM). Part of the CDM program is designed to combat precisely the type of attack that took down the OPM. The CDM program was originally expected to deliver those tools to agencies by the end of 2017. Given the nature and extent of the 2015 breaches, though, and the expectation that those types of attacks will only increase in number and severity, this may not be fast enough.

If the Department of Homeland Security’s Continuous Diagnostics and Mitigation (CDM) program is as broadly implemented across federal agencies as was originally intended, government agencies should have far more sophisticated cybersecurity defenses in place over the next couple of years. The $6 billion CDM program was set up to be implemented over a five-year period starting in 2013, in three distinct phases: endpoint integrity, least privilege and infrastructure integrity, and boundary protection and event management. Under the CDM program goals, all three phases need to be implemented in order to provide the kind of pervasive security envisioned by the Obama Administration and Congress. Not only would each agency be covered, but agencies would be able to share information about incidents, and coordinate with each other over a standardized security infrastructure.

The Department of Homeland Security (DHS) took a different route with the last group of agencies covered under the second contract task order for the CDM rollout. It opted for a shared services strategy, instead of the direct order approach using the GSA BPA as it did with the previous five groups. That shared services solution “must recognize and incorporate the IT governance models at participating agencies [that] may or may not have a centralized acquisition model,” the RFP says. “Small agencies may also leverage shared acquisition offices for cost savings purposes or utilize a centralized-like model without having the benefit of an official acquisitions office.”

The entire Continuous Diagnostics and Mitigation (CDM) program is aimed at boosting the security of government agency IT. The contract itself can be separated into two primary areas of operational significance. Phases 1 and 2 provide the tools and services agencies will need to manage their hardware and software assets. Phase 3 is where that baseline capability data will help with security improvements, and managing network access controls will be a major part of those improvements. The purpose of this section of the CDM program is to limit unauthorized access that “would allow attackers to cross internal and external network boundaries and then pivot to gain deeper network access and/or capture network resident data at rest or in transit.”

As the Department of Homeland Security’s Continuous Diagnostics and Mitigation (CDM) program continues to roll out, certain factors that are perhaps not directly associated with the program could still have a big impact on how well it is taken up, and how effective it eventually becomes. Those include executive support, attack signatures, and policy revisions. The larger goal of current government IT security improvements is to replace the “bolted-on” approach of the past with a more expansive and dynamic risk-oriented approach. This is also something the CDM program intends to address.