CDM: Building Advanced Cyber Strategies

For close to a decade the Obama administration has been putting together the components of a system to automate the identification and response to security breaches in government agencies. The move toward security and monitoring as-a-service is based on a consensus that fixed network defense technologies have not lived up to their promise to protect federal networks.

Tools are now emerging to identify and block critical threats to agency systems -- as they happen. The federal government has set up channels providing agencies accelerated access to these technologies in the coming year. They include Phase 2 of the Homeland Security Department’s Continuous Diagnostics and Mitigation (CDM) program, which will provide agencies technologies for monitoring their networks via sensors or as a service.

The CDM program specifies 15 monitoring features that can be performed by agency sensors or provided as a service and fed into enterprise level dashboards. Another set of tools under DHS’s Einstein 3 program offers agencies managed intrusion detection as-a-service to detect malicious traffic entering their networks. So far Einstein has thwarted 650,000 requests to access malicious websites, according to DHS.

The demand for more dynamic, always-on security tools can hardly be more urgent given agencies’ record in setting up conventional defenses. In an April 2015, report, the Government Accountability Office found 23 out of 24 agency inspectors general cited information security as a major challenge at their agency. Meanwhile cyber-attacks on agencies have jumped from less than 6,000 in 2006 to over 65,000 in 2014, says GAO.  To help agencies obtain security tools to meet these threats, the 2016 federal budget called for $102.6 million for CDM and $479.8 million for network security, including Einstein 3.

This event will provide federal agency IT and security managers an update on options available to them for acquiring the hardware and tools necessary to establish baseline threat and cybersecurity monitoring services at their agencies.

Potential topics to be addressed include:

•     How to implement a CDM program at your agency
•     Preparing for the upcoming 2nd and 3rd phases of the CDM program
•     CDM and Einstein 3 security acquisition basics
•     Continuous monitoring toolkit: dashboards, sensors, and services
•     Automated security threat sharing initiatives
•     Options for CDM identity and authentication management