The Department of Homeland Security's Continuous Diagnostic Mitigation Program (CDM) was developed as a guideline process for agencies to fortify their ongoing cybersecurity plans and tactics. Agencies have worked through the stages of the program, first identifying what and who is on their network and then looking at what is happening on the network - really identifying the who, what, when, and where. Today, the focus is to put all that information to work in developing plans that address the "how" of secure networks including:
- Reduce agency threat surface
- Increase visibility into the federal cybersecurity posture
- Improve federal cybersecurity response capabilities
- Streamline Federal Information Security Modernization Act (FISMA) reporting
According to a recent survey, in the seven years since its inception, the CDM program has met its mission of making government IT systems more secure. But this success does not mean the work is done. Legislation has been introduced that will make CDM permanent and expand its reach to meet the ongoing cyber threats that face government agencies. Moving forward, the CDM will help agencies focus on taking what has traditionally been a piecemeal approach to cybersecurity and creating a more integrated approach that ties to the an overall cyber strategy.
In October, ghosts and goblins come to life as decorations on front lawns and as candy-seeking children knocking on our doors. But stepping away from the frivolity of Halloween, October has also become a time for us to reflect on the real threats we face year-round when it comes to our data, identity privacy and online security.
National Cybersecurity Awareness Month (NCSAM), spearheaded by the Department of Homeland Security (DHS), is a "collaborative effort between government and industry to raise awareness about the importance of cybersecurity and to ensure that all Americans have the resources they need to be safer and more secure online." This year's theme is Own IT. Secure IT. Protect IT. Programs around the country will address topics including citizen privacy, securing consumer devices, and eCommerce security.
More than IT professionals talking to one another, NCSAM aims to reach out to the public to emphasize personal accountability and educate people about the importance of taking proactive steps to enhance cybersecurity at home and in the workplace. The NCSAM website has some handy guides that can be shared to educate people on these actionable steps.
The Continuous Diagnostics and Mitigation (CDM) program, led by the Department of Homeland Security, was designed to fortify the cybersecurity of government networks and systems with capabilities and tools that identify risks on an ongoing basis, prioritize these risks based on potential impacts, and enable personnel to mitigate the most significant problems first. The program was rolled out in phases with phases one and two pretty much complete across government.
Now that agencies know what and who is on their network, they need to move onto phase three - what is happening on the network. This involves installing and managing the network and perimeter security measures. Given that the perimeter now includes mobile devices, securing those devices and the way they access the network is critical to meeting CDM goals. Currently,agencies are mapping out mobile connections at the agency level, and the networks with which agencies are regularly interacting.
The Department of Homeland Security (DHS) may be the newest cabinet-level department, but it is still facing the same modernization challenges felt across government. The agencies pulled under the DHS umbrella in 2002 came with legacy systems. While a good deal of integration and modernization happened while DHS was being formed, systems have to keep evolving to keep up with the ever-changing threat landscape and the technologies used to threaten the homeland.
Cybersecurity, as it relates to the protection of the national infrastructure and government systems, is a huge focus for DHS. In fact, The DHS Secretary recently said that nation-state adversaries "are at the highest levels since the Cold War, largely but not exclusively due to leveraging cyber to conduct espionage and influence operations and disrupt services." As part of their efforts to strengthen their cybersecurity posture, the Department is leading the Continuous Diagnostic Monitoring (CDM) efforts across government to provide capabilities and tools to identify cybersecurity risks on an ongoing basis, prioritize these risks based on potential impacts, and enable cybersecurity personnel to mitigate the most significant problems first.
With a broad mandate to support election security, DHS has been collaborating across the government to ensure the security of machines and records for national elections. New technologies such as Albert sensors, technology designed to detect suspicious IP addresses and malware signatures, will be in place in 90% or more of voting machines used in November. Continue reading