CDM and Einstein: The Foundations of Federal Civilian Cyberdefense

Interest in government cybersecurity has never been higher. High-profile leaks by Edward Snowden and Chelsea Manning, coupled with external attacks on entities including the White House, have attracted a spotlight. But after data on 21.5 million federal employees and their families were exposed in the breaches of the Office of Personnel Management’s information systems, many more people were left asking how and why.

Those questions are not going unanswered. The government has taken swift action in response to the hacks. One step is to expand and accelerate the government’s $6 billion Continuous Diagnostics and Mitigation (CDM) program. Established by the Homeland Security Department (DHS) to help federal civilian agencies and departments plus state, local, regional, and tribal governments boost cybersecurity for unclassified networks, CDM provides services and tools that automatically detect and report on known cyber flaws or vulnerabilities.

With each agency and department holding responsibility for its own cybersecurity plan, the risk of silos runs high. Agencies aren’t on the same page in terms of protection or threat information sharing, which is a danger because when one system is compromised, other agencies need to know. That knowledge tells them what signs to look for, so they can stop an intrusion early and turn an attack into a mere attempt.

That’s why DHS developed two programs to significantly bolster federal cybersecurity and create a baseline standard: CDM and Einstein, a $3 billion intrusion-detection system that has become much more.

In this research guide, we discuss:

  • What CDM is, how it works, and what it entails
  • What Einstein is, how it works, and what it entails
  • Steps to increasing cybersecurity and how these programs play a role
  • CDM and Einstein best practices
  • What’s next for cybersecurity