CDM – Concentrating on the How of Cybersecurity

The Department of Homeland Security's Continuous Diagnostic Mitigation Program (CDM) was developed as a guideline process for agencies to fortify their ongoing cybersecurity plans and tactics. Agencies have worked through the stages of the program, first identifying what and who is on their network and then looking at what is happening on the network - really identifying the who, what, when, and where. Today, the focus is to put all that information to work in developing plans that address the "how" of secure networks including:

• Reduce agency threat surface
• Increase visibility into the federal cybersecurity posture
• Improve federal cybersecurity response capabilities
• Streamline Federal Information Security Modernization Act (FISMA) reporting

According to a recent survey, in the seven years since its inception, the CDM program has met its mission of making government IT systems more secure. But this success does not mean the work is done. Legislation has been introduced that will make CDM permanent and expand its reach to meet the ongoing cyber threats that face government agencies. Moving forward, the CDM will help agencies focus on taking what has traditionally been a piecemeal approach to cybersecurity and creating a more integrated approach that ties to the an overall cyber strategy.

As agencies look to take this next step, we've pulled together a list of events that can inform the planning and execution of this integrated cyber approach.

• Cybersecurity Workshop (November 13, 2019; Tampa. FL) - Organized by NDIA, this workshop addresses current and emerging initiatives that are aimed at increasing the security of the Defense Industrial Base.
• FCW Summit: CDM (November 14, 2019; Washington, DC) - This 4th annual summit will bring together the top government program leaders and industry partners to explore how to put the CDM mission into practice for 2020 and beyond. Topics include CDM DEFEND, deployment plans for the AWARE risk-scoring algorithm, FY20 CDM Program Priorities, adapting CDM to today's cloud environments, how new tools and services can be incorporated into CDM, and CDM's role in a broader cybersecurity strategy.
• Infosecurity North America Expo and Conference (November 20-21, 2019; New York, NY) -- Infosecurity North America and ISACA combine to present this conference that aligns the fields of security, cybersecurity, and risk management. Attendees will gain insight and education needed to manage information and cyber risk to build resilience within complex organizations.
• 2019 Security Transformation Summit (December 3, 2019; Arlington, VA) -- Influential public and private sector leaders will come together to discuss automation and emerging technologies, protecting distributed networks, securing data and systems in the cloud and citizen- and student-centric digital transformation. Discussions will focus on creating comprehensive, effective, and adaptive security for today's connected world.
• Cyber Education, Research, and Training Symposium (January 14-16, 2020; Augusta, GA) -- AFCEA International is hosting the third annual Cyber Education, Research, and Training Symposium (CERTS) to bring together government, education, research and industry leaders to discuss advancing cyber workforce development, retention and support. This event incorporates keynote presentations, panel discussions, open workshops, and networking.

Let us know what other events you are looking to attend to help in your CDM planning and efforts.