CDM, before and after

CDM dashboards

One federal agency charged with tracking down cybercriminals is looking forward to the progression of continuous diagnostics and mitigation into federal networks, even though on-the-ground cyberforensics experience with the technologies is still hypothetical.

CDM will not only allow agencies to have a clearer view of vulnerability gaps in their networks, but could also enrich the forensic path for cybercrime investigators, said Eduardo Cabrera, assistant to the special agent in charge at the U.S. Secret Service.

Cabrera, who is also assigned to the Criminal Investigative Division at Secret Service's Cyber Operations and detailed to DHS's National Cybersecurity and Communications Response Integration Center, said the agency- and federal-level dashboards associated with CDM will serve as a starting point for cyber-intrusion investigations.

Common CDM dashboards that share information among agencies and aggregate it within them could provide be a starting point for cyber forensics investigators, Cabrera said at an April 8 CDM conference in Virginia.

The Secret Service is charged with protecting the kind of U.S. payment and financial systems often targeted by cybercriminals.

"It's conceptual now since CDM is just being implemented," he said in remarks to FCW after the event. But CDM technology is beginning its spread across federal agencies. DHS began rolling out orders under the $6 billion CDM multiple-source contracts in January, when it issued $60 million in task orders to four of the 17 companies that provide hardware and software for the project. It has since issued several more.

GSA and DHS are currently working with the vendor for the federal dashboard selected in early March on what kinds of detail it will include, according to Mark Kneidinger, senior advisor, cybersecurity and communications, Federal Network Resilience at DHS.

The dashboards are key to the CDM effort.

Agency-level dashboards will gather information on threats and vulnerabilities across individual agencies, while the federal-level dashboard will aggregate information to form an overall threat picture.

Agency-level dashboards will contain sensitive information that will be closely held. Rod Turk, director, office of cybersecurity and CIO at the Department of Commerce, said he plans to disseminate the information gathered by his agency's dashboard internally to select top information officers and Cabinet-level officials. The information won't be made available to the public or to vendors. "We see vulnerability information as sensitive," adding that data about gaps and security patches could be very valuable to "hacktivists" and others with questionable intent.

Cabrera told FCW that exactly how information gathered through CDM-related security measures would be used in cybercrime investigations wasn't clear at this point, but it would be a step up from where things stand now.

"The lack of information now can make it hard. The lack of logs and how attacks happen makes it difficult" to track cybercriminals in federal networks, he said. In the face of such unknowns, "any information is good information."

One of cybercriminals' weaknesses is a tendency towards laziness, aiming to expend as little energy as possible for the most return. To save on effort, they use similar malware to attack both federal and commercial networks, said Cabrera. The malware they produce is usually tweaked for a specific attack, but it can be similar to other versions in its methods and behavior. That commonality can leave forensic clues to be leveraged by investigators and federal information security officers -- if they are recognized.

Although cybercriminals have proven themselves to be excellent at IT and ever-adaptable, the CDM approach is a critical "pivot" in how federal agencies deal with security, said Cabrera.

CDM is also piquing the interest of commercial interests that have been repeated targets of attacks, according to Kneidinger. Although Homeland Security's CDM blanket purchase agreement cannot be used by commercial interests, the financial services industry has inquired about the CDM process and how it works. "We're getting interest in how we structure the program," he said, from domestic and international interests.

About the Author

Mark Rockwell is a staff writer at FCW.

Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, magazine and Wireless Week.

Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.

Click here for previous articles by Rockwell. Contact him at or follow him on Twitter at @MRockwell4.

The Fed 100

Save the date for 28th annual Federal 100 Awards Gala.


  • computer network

    How Einstein changes the way government does business

    The Department of Commerce is revising its confidentiality agreement for statistical data survey respondents to reflect the fact that the Department of Homeland Security could see some of that data if it is captured by the Einstein system.

  • Defense Secretary Jim Mattis. Army photo by Monica King. Jan. 26, 2017.

    Mattis mulls consolidation in IT, cyber

    In a Feb. 17 memo, Defense Secretary Jim Mattis told senior leadership to establish teams to look for duplication across the armed services in business operations, including in IT and cybersecurity.

  • Image from

    DHS vague on rules for election aid, say states

    State election officials had more questions than answers after a Department of Homeland Security presentation on the designation of election systems as critical U.S. infrastructure.

  • Org Chart Stock Art - Shutterstock

    How the hiring freeze targets millennials

    The government desperately needs younger talent to replace an aging workforce, and experts say that a freeze on hiring doesn't help.

  • Shutterstock image: healthcare digital interface.

    VA moves ahead with homegrown scheduling IT

    The Department of Veterans Affairs will test an internally developed scheduling module at primary care sites nationwide to see if it's ready to service the entire agency.

  • Shutterstock images (honglouwawa & 0beron): Bitcoin image overlay replaced with a dollar sign on a hardware circuit.

    MGT Act poised for a comeback

    After missing in the last Congress, drafters of a bill to encourage cloud adoption are looking for a new plan.

Reader comments

Wed, Apr 16, 2014 Judy Peterson

Interesting job, Mark. I can't imagine how you find these criminals. I'm still working on posting pictures to Fb! :)

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group