As part of the expanding Continuous Diagnostics and Mitigation (CDM) program, the Homeland Security Department (DHS) plans to bring on another 30 employees to evaluate, monitor and standardize cybersecurity capabilities across agencies.
DHS incurred a case backload because of increased agency requests for service after the implementation of DEFEND task orders, which provide more flexibility to agencies given their existing cybersecurity infrastructure. DEFEND also allows agencies to retain existing cybersecurity solutions that match CDM mandates.
Kevin Cox, Program Manager for CDM, said that before moving forward, DHS wanted to be sure that program requirements were internally agreed upon and that agencies understood their requirements.
The spike in hiring will come as DHS moves away from the Blanket Purchase Agreements (BPAs) that expired in August. The new acquisition strategy places a stronger focus on agency-specific solutions and capabilities.
Agencies also send representatives to help DHS decide the integrators for CDM solutions.
“Rather than coming out with specific solutions, we want to make sure, first and foremost, we know what those requirements are,” Cox said to a small group of reporters at the Symantec Government Symposium. “And then we want to make sure that we’re working with the agencies to understand what those requirements are and, in the long run, meet those requirements.”
For the first five years of CDM – which was established in 2013 – agencies often criticized the slowness and rigidity of the program. Officials said that expectations for user and asset capabilities did not take into account the tools and frameworks that organizations had been working with.
Under DEFEND, DHS and the Office of Management and Budget (OMB) have communicated with agencies to talk through the transition.
“At times there was a perception that CDM was coming in to rip and replace entire solutions that were working,” Cox said. “We don’t want that to be the case. A key for the CDM program is the partnership, not only with the agency but also the integrators, to get the right solution for the agencies.”
Cox said that collaboration has improved dramatically and that agencies are increasingly looking to partner with DHS. DHS uses customer advisory forums to analyze how effectively components are operating.
DEFEND also allows DHS to focus on “what is happening on the network” and how data is protected – originally thought of as Phase 3 and Phase 4, respectively, of the CDM model. However, Cox said, DHS is moving toward a more encompassing view of the program – and shying away from a step-by-step evaluation.
“One of the things just for the general public to know is that we’re shifting our language from phases to capabilities,” Cox said. “With the phases, there was this real sense that with a phase you’re going to hit a point where it’s done. And when’s that phase done? In many ways, asset management is never done.”
For that reason, there’s no end to CDM in sight, as security technologies need to continuously respond to evolving threats. Cox said DHS has submitted its priorities for 2019 and is close to setting its 2020 goals.