Achieving enterprise security to support agency services


Increased connectivity has transformed and improved access to government. Citizens today can connect with government agencies and leaders in ways that were unimaginable just a few years ago.

This connectivity, however, has also increased the importance and complexity of our shared risk. Ever-increasing cyberattacks on federal government networks are growing more sophisticated, aggressive and dynamic. It is paramount that as the government continually provides essential services to the public, agencies safeguard information from theft and networks and systems from attacks while protecting individual privacy, civil rights and civil liberties.

To provide effective and efficient information to citizens and businesses online and in real time, agencies are taking advantage of applications that allow ongoing visibility into threats, vulnerabilities and incidents on their networks. The government's use of this category of applications is central to the Department of Homeland Security's Continuous Diagnostics and Mitigation program -- a dynamic approach to fortifying the cybersecurity of computer networks and systems.

The CDM program provides capabilities and tools that enable network administrators to see the state of their respective networks at any given time, understand the relative risks and threats, and help system administrators identify and mitigate flaws at near-network speed.

DHS established the CDM program to support government efforts to provide adequate risk-based and cost-effective cybersecurity. CDM -- which is also available to state, local and tribal government entities -- provides stakeholders with the tools they need to protect their networks and enhance their ability to identify and mitigate cyber threats. It also offers a path to providing greater intelligence about enterprise security.

In addition, CDM complements the risk-based approach to security that agencies can use to ensure a comprehensive program that enables missions while effectively safeguarding assets, relying on National Institute of Standards and Technology guidance for implementation across a broad range of agency activities.

Even with strong efforts across the government, the Government Accountability Office and inspectors general offices report that security continues to be a challenge for federal agencies. That reinforces the strong support across the federal government for CDM and its call for more automated and proactive approaches to controlling and protecting federal data and systems, which organizations at the department, agency and component levels all need in order to accelerate their move to enterprise security intelligence.

CDM enables agencies to move from a reactive manual approach, which relies on often-heroic human actions to protect federal data and systems, to one of predictive and automated security analytics, where data and systems are protected by automated decision-making and human knowledge is leveraged to make sound security decisions based on risk, vulnerabilities and consequences.

A holistic, intelligent approach to security that helps organizations combat the rise in cyberattacks, insider threats and advanced persistent threats provides the enterprise security that most organizations have found elusive to date. This approach relies on an architecture for security intelligence operations that comply with the growing number of mandates and federal regulations. Such an effort also correlates assets, threats and vulnerabilities to create situational awareness for sound risk management decisions.

To implement this approach, agencies benefit from solutions that can efficiently process billions of events from multiple devices and transform them into actionable incidents based on risk and threat analysis. By doing so, enterprises can actively and accurately predict, prevent, react to and remediate security risks in their organization, ultimately achieving a more "intelligent" approach to managing security that automates and streamlines systems and security management to lower the total cost of managing IT assets -- securing mobile devices, laptops, desktops and servers that are physical or virtual, on or off network, personal or corporate-owned.

This enterprise strategy for security makes new technologies, such as cloud and mobile, more secure -- especially when coupled with agency actions to assess their security posture, develop a strategy, design a strategic architecture, implement security and privacy controls, and manage the solutions. As this real-time, continuous diagnostics and mitigation approach matures and is integrated with sustained attention to risk-based approaches to managerial and operational controls, agencies will be able to more effectively address the challenges of securing their people, data, applications, transactions and infrastructure.

About the Authors

Dan Chenok is executive director of the IBM Center for the Business of Government.

John Lainhart leads IBM's Public Sector Cybersecurity and Privacy Services.

