The Continuous Diagnostics and Mitigation (CDM) program is poised to transform how government combats cyberthreats. We spoke with Robert Roy, CISSP, CEH, Federal Chief Technology Officer, HP Enterprise Security Products (ESP), and he provided his thoughts on the CDM program and its impact on government. I’d encourage you to view our latest guide on CDM, which serves as your field guide to navigate the program.
The core cyber challenge for the public sector is managing security in a dynamic environment. This comes at a time when cyberattacks are not only becoming more prevalent, but also more complex.
“We are spending more than ever on security, and yet the attackers are pulling ahead at an alarming rate,” Roy said. “There are multiple variables in this, including the fact that it is extremely easy for a world of seven billion people to produce armies of bad actors with all of the riches at stake. But it’s also the fact that we don’t always invest our security dollars in the most efficient way.”
But thanks to the CDM program, and with help from DHS, agencies can make improved cyber investments. CDM allows agencies to better assess needs and adopt robust security solutions that provide deeper awareness of, and visibility into, security gaps.
The visibility that CDM provides comes at an important time for government agencies. As agencies work to adopt cloud computing, mobile and big data solutions, the threat landscape is constantly changing – and growing. These technologies, although important to advance the missions of the public sector, also create more opportunities and risks for attacks.
“With new ways of doing business on IT, from cloud to mobile and big data, the landscape is changing so rapidly that many organizations are still fighting the problems of 2005,” Roy explained. “CDM is meant to resolve this by providing a top to bottom (or bottom to top!) fully integrated approach to managing risk on an enterprise scale. By following the CDM approach, agency security assessments will be an automatic and continuous process.”
To help navigate our quickly changing landscape, HP has conducted research designed to help government agencies stay secure.
“HP empowers clients to address the most advanced threats by combining access to a global network of over 3,000 security experts and published research with the power of that expertise built directly into our products and services,” Roy said. “Out of this community, HP publishes an annual Cybersecurity Risks Report covering all aspects of hardware, software, cloud and mobile security issues.
“In addition to the annual risk report, HP Security Research (HPSR) publishes reports that provide the most current security intelligence available, ensuring organizations understand and proactively respond to potential security threats. HPSR delivers research through biweekly threat briefings, as well as free summary briefings available to the public on HP’s website and iTunes.”
Where can agencies begin? To find out, we asked Roy: What are some best practices for the government community? His answers:
- Use what you own, and use it better. We see many organizations using only a fraction of their technology investments.
- Collaborate on threats in real-time with your peers. Experience has shown that effective attacks are immediately shared by the assailants, but the victims often wait weeks to publish a successful attack to a website or send details via email. HP Threat Central was designed specifically to address this problem.
- Learn, learn, learn. Attend courses, training and security events. HP offers workshops, training and assessments to help improve your security capabilities.
- Architecture matters. Get in front of your security challenges. The right architecture can help move your security from purely reactive to proactive – stopping threats in their tracks.
“The main challenge for CDM is bringing operations, security and development together in a manner that optimizes everyone’s efforts, the cost structures and investments, and most importantly the results,” Roy said.
By following these best practices, and taking a hard look at your organization’s readiness level, you’ll be well on your way to a safer and more secure government agency. Roy’s last comments highlight the power of the CDM program and opportunities for you to get involved. Make sure to download GovLoop’s guide on CDM. We go deeper on many of the issues that Roy has mentioned, and the report will be your field guide to help you navigate the program.
HP’s mission is to invent technologies and services that drive business value, create social benefit and improve the lives of customers — with a focus on affecting the greatest number of people possible. Check out their HP for Gov group on GovLoop.