In our latest GovLoop Guide, we highlight the benefits, challenges and future outlook for the Continuous Diagnostic and Mitigation Program (CDM). Be sure to view our Guide to learn about how this program can help you improve your agency’s cybersecurity posture.
Ray Miles, Systems Integrator Alliance Manager, immixGroup, shared his thoughts with us on CDM. Miles noted several of the opportunities that CDM brings to government:
- Identifies and standardizes on common cyber solutions across the .gov community
- Creates focused collaboration with federal cyber leaders to identify solutions
- Implements policy and technical solutions consistent to all .gov organizations
- Monitors and reports the effectiveness of implemented solutions through a comprehensive real-time dash board. Additionally, the dashboard system has the ability to prioritize the worst problems first.
In our report, we also explore what it means to be secure in today’s world. We found that security revolves around five core themes:
#1: Achieve Real-Time Awareness
With cyberattacks occurring more frequently than ever before, agencies must analyze threats in real-time. Being secure doesn’t just mean the ability to respond quickly; it’s having the knowledge and insight to spot attacks as they unfold. In order to achieve real-time awareness, agencies must understand what their network looks like, who accesses it, and how.
#2: Enforce Dynamic, Risk-Based Policies and Educate all Stakeholders
Cybersecurity is the shared responsibility of everyone across an organization. Everyone has an obligation to know what risks they pose, and to be vigilant against cyberattacks. This means that an organization should have a dynamic risk management policy, and enforce and educate all stakeholders on the terms of the policy.
“A key aspect of being secure today is the ability to enforce a dynamic cybersecurity risk management policy,” said Chris Wilkinson, Director, Cybersecurity Technologies, immixGroup. This policy should be well known and understood by all stakeholders, all internal and external resources–anyone accessing your data, accessing your network, accessing your resources, and the policy should adapt to the evolving threats faced by the network. It should also enable risk-based decision-making, focused on your mission and business objectives. Additionally, all levels of the workforce need to go through continuous education on cybersecurity and understand the risks that they pose as users of the network.”
#3: Mitigate and Administer Rapid Response
In today’s security environment, there’s a dire need for organizations to immediately respond to an attack. They must be able to quickly deploy mitigation techniques and react rapidly to complex attacks. The CDM prime contract holders will evaluate an agency’s security posture and provide a recommended solution. The solution will include, not only the necessary cyber IT products, but expert implementation, hands-on training and sustainment services. The intent of the CDM program is to provide capabilities and training that enable network administrators to know the state of their respective networks at any given time and help them to identify and mitigate flaws at real-time speed.
#4: Gain Clarity from Complexity
There is no doubt that security is complex for government administrators. In our survey of 160 cybersecurity professionals, we found that the biggest cyberthreat facing agencies is external unauthorized access, and that agencies believe people are their biggest cyberthreat (See Figure 1). Agencies also believe their largest gaps in cybersecurity solutions reside in least privilege and infrastructure integrity (people and devices), at 42 percent. These findings show that CDM is well positioned to provide the government community with access to the right solutions to improve their overall security posture.
#5: Automation of Processes
Automation is an imperative part of any cyberdefense. By automating traditionally manual processes, agencies can improve compliance and reporting strategies. Automation can help agencies react quickly, and develop new ways of thinking about cyber issues.
Undoubtedly, today’s security landscape is more complicated than ever before. But programs like CDM are helping agencies deploy the right solutions and tools to gain valuable insights to their network, and to improve their security posture. “Keeping a secure network is analogous to a military battle plan,” said Miles. “The goal of a cybersecurity plan is to keep the enemy from penetrating a network. The enemy attacks from various entry points into a network and agencies must be ever vigilant and prepared to discover and stop those attacks.”
Miles reminds us that, on a daily basis, there are an incredible number of cyberattacks on U.S. networks and data, as attackers try to access personal information, intellectual property, or other sensitive data. Often, the attacker is never known – but the consequences of a successful attack are myriad, potentially affecting the economic and social viability of our nation.
“The posture of a secure network is better today than it was a year ago. However the necessary increase in funding has not been able to keep pace with the escalation in number of attacks and expense of complex cyberattack remediation. It’s a matter of having the funds, qualified staffing, product resources, and technical knowledge,” said Miles.
To learn more about CDM, and your organization can become involved, please download the report here.
Want More GovLoop Content? Sign Up For Email Updates