Homeland Security

CDM-as-a-service great, but what next?

Shutterstock image: examining a line of code.

Small federal agencies like the option of obtaining the Continuous Diagnostics and Mitigation cybersecurity program from the Department of Homeland Security as a shared service. But some are also wondering how they can sustain their cybersecurity work into the future.

In late 2015, DHS and the General Services Administration began the process of offering CDM tools for 40 of the federal government's smallest agencies via cloud shared services to cut down on or eliminate the on-premises duplication across those smaller entities.  

The GSA acts as the procurement arm for CDM services, issuing an RFP to cover the smaller agencies in December.

CDM-as-a-service for small agencies, said Kirit Amin, CIO at the International Trade Commission, is a big help with a complex, yet critical area and is greatly preferable to being stuck with a cybersecurity mandate, a small budget and staff, and CDM contracts that would have to be renewed.

"If DHS told small agencies 'you will implement CDM,' it wouldn't happen," said Amin at an ITPA cybersecurity lunch panel in Arlington on March 3. "You can't just throw tech at an issue" and expect it to happen, said IT chief. CDM-as-a-service would go a long way in fulfilling the job of protecting electronic assets, especially for agencies with budgets as small as their single data center.

"GSA and DHS shared services are a good thing," said Esteve Mede, chief information security officer at the Federal Election Commission. The effectiveness of the program, he said, should be measured by how closely GSA and DHS will work with small agencies to help fit them into the larger federal cybersecurity strategy.

The move to provide CDM as a service, Amin told FCW after the panel, could only be a way station on a longer, possibly treacherous road for small agencies and cybersecurity.

While the CDM services can help cover cybersecurity needs, smaller agencies are feeling the technical personnel squeeze more acutely than larger agencies.

"It comes down to people" to watch and protect cyber systems in the federal government. The entire tech industry, Amin said, fights over qualified IT people and especially over excellent cybersecurity people. "How many cybersecurity experts are out there? It's a major challenge for small agencies," he said.

About the Author

Mark Rockwell is a senior staff writer at FCW, whose beat focuses on acquisition, the Department of Homeland Security and the Department of Energy.

Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, tele.com magazine and Wireless Week.

Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.

Click here for previous articles by Rockwell. Contact him at mrockwell@fcw.com or follow him on Twitter at @MRockwell4.


  • Contracting
    8 prototypes of the border walls as tweeted by CBP San Diego

    DHS contractors face protests – on the streets

    Tech companies are facing protests internally from workers and externally from activists about doing for government amid controversial policies like "zero tolerance" for illegal immigration.

  • Workforce
    By Mark Van Scyoc Royalty-free stock photo ID: 285175268

    At OPM, Weichert pushes direct hire, pay agent changes

    Margaret Weichert, now acting director of the Office of Personnel Management, is clearing agencies to make direct hires in IT, cyber and other tech fields and is changing pay for specialized occupations.

  • Cloud
    Shutterstock ID ID: 222190471 By wk1003mike

    IBM protests JEDI cloud deal

    As the deadline to submit bids on the Pentagon's $10 billion, 10-year warfighter cloud deal draws near, IBM announced a legal protest.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.