CDM, before and after

CDM dashboards

One federal agency charged with tracking down cybercriminals is looking forward to the progression of continuous diagnostics and mitigation into federal networks, even though on-the-ground cyberforensics experience with the technologies is still hypothetical.

CDM will not only allow agencies to have a clearer view of vulnerability gaps in their networks, but could also enrich the forensic path for cybercrime investigators, said Eduardo Cabrera, assistant to the special agent in charge at the U.S. Secret Service.

Cabrera, who is also assigned to the Criminal Investigative Division at Secret Service's Cyber Operations and detailed to DHS's National Cybersecurity and Communications Response Integration Center, said the agency- and federal-level dashboards associated with CDM will serve as a starting point for cyber-intrusion investigations.

Common CDM dashboards that share information among agencies and aggregate it within them could provide be a starting point for cyber forensics investigators, Cabrera said at an April 8 CDM conference in Virginia.

The Secret Service is charged with protecting the kind of U.S. payment and financial systems often targeted by cybercriminals.

"It's conceptual now since CDM is just being implemented," he said in remarks to FCW after the event. But CDM technology is beginning its spread across federal agencies. DHS began rolling out orders under the $6 billion CDM multiple-source contracts in January, when it issued $60 million in task orders to four of the 17 companies that provide hardware and software for the project. It has since issued several more.

GSA and DHS are currently working with the vendor for the federal dashboard selected in early March on what kinds of detail it will include, according to Mark Kneidinger, senior advisor, cybersecurity and communications, Federal Network Resilience at DHS.

The dashboards are key to the CDM effort.

Agency-level dashboards will gather information on threats and vulnerabilities across individual agencies, while the federal-level dashboard will aggregate information to form an overall threat picture.

Agency-level dashboards will contain sensitive information that will be closely held. Rod Turk, director, office of cybersecurity and CIO at the Department of Commerce, said he plans to disseminate the information gathered by his agency's dashboard internally to select top information officers and Cabinet-level officials. The information won't be made available to the public or to vendors. "We see vulnerability information as sensitive," adding that data about gaps and security patches could be very valuable to "hacktivists" and others with questionable intent.

Cabrera told FCW that exactly how information gathered through CDM-related security measures would be used in cybercrime investigations wasn't clear at this point, but it would be a step up from where things stand now.

"The lack of information now can make it hard. The lack of logs and how attacks happen makes it difficult" to track cybercriminals in federal networks, he said. In the face of such unknowns, "any information is good information."

One of cybercriminals' weaknesses is a tendency towards laziness, aiming to expend as little energy as possible for the most return. To save on effort, they use similar malware to attack both federal and commercial networks, said Cabrera. The malware they produce is usually tweaked for a specific attack, but it can be similar to other versions in its methods and behavior. That commonality can leave forensic clues to be leveraged by investigators and federal information security officers -- if they are recognized.

Although cybercriminals have proven themselves to be excellent at IT and ever-adaptable, the CDM approach is a critical "pivot" in how federal agencies deal with security, said Cabrera.

CDM is also piquing the interest of commercial interests that have been repeated targets of attacks, according to Kneidinger. Although Homeland Security's CDM blanket purchase agreement cannot be used by commercial interests, the financial services industry has inquired about the CDM process and how it works. "We're getting interest in how we structure the program," he said, from domestic and international interests.

About the Author

Mark Rockwell is a staff writer at FCW.

Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, magazine and Wireless Week.

Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.

Click here for previous articles by Rockwell. Contact him at or follow him on Twitter at @MRockwell4.

FCW in Print

In the latest issue: Looking back on three decades of big stories in federal IT.


  • Anne Rung -- Commerce Department Photo

    Exit interview with Anne Rung

    The government's departing top acquisition official said she leaves behind a solid foundation on which to build more effective and efficient federal IT.

  • Charles Phalen

    Administration appoints first head of NBIB

    The National Background Investigations Bureau announced the appointment of its first director as the agency prepares to take over processing government background checks.

  • Sen. James Lankford (R-Okla.)

    Senator: Rigid hiring process pushes millennials from federal work

    Sen. James Lankford (R-Okla.) said agencies are missing out on younger workers because of the government's rigidity, particularly its protracted hiring process.

  • FCW @ 30 GPS

    FCW @ 30

    Since 1987, FCW has covered it all -- the major contracts, the disruptive technologies, the picayune scandals and the many, many people who make federal IT function. Here's a look back at six of the most significant stories.

  • Shutterstock image.

    A 'minibus' appropriations package could be in the cards

    A short-term funding bill is expected by Sept. 30 to keep the federal government operating through early December, but after that the options get more complicated.

  • Defense Secretary Ash Carter speaks at the TechCrunch Disrupt conference in San Francisco

    DOD launches new tech hub in Austin

    The DOD is opening a new Defense Innovation Unit Experimental office in Austin, Texas, while Congress debates legislation that could defund DIUx.

Reader comments

Wed, Apr 16, 2014 Judy Peterson

Interesting job, Mark. I can't imagine how you find these criminals. I'm still working on posting pictures to Fb! :)

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group