Homeland Security

CDM-as-a-service great, but what next?

Shutterstock image: examining a line of code.

Small federal agencies like the option of obtaining the Continuous Diagnostics and Mitigation cybersecurity program from the Department of Homeland Security as a shared service. But some are also wondering how they can sustain their cybersecurity work into the future.

In late 2015, DHS and the General Services Administration began the process of offering CDM tools for 40 of the federal government's smallest agencies via cloud shared services to cut down on or eliminate the on-premises duplication across those smaller entities.  

The GSA acts as the procurement arm for CDM services, issuing an RFP to cover the smaller agencies in December.

CDM-as-a-service for small agencies, said Kirit Amin, CIO at the International Trade Commission, is a big help with a complex, yet critical area and is greatly preferable to being stuck with a cybersecurity mandate, a small budget and staff, and CDM contracts that would have to be renewed.

"If DHS told small agencies 'you will implement CDM,' it wouldn't happen," said Amin at an ITPA cybersecurity lunch panel in Arlington on March 3. "You can't just throw tech at an issue" and expect it to happen, said IT chief. CDM-as-a-service would go a long way in fulfilling the job of protecting electronic assets, especially for agencies with budgets as small as their single data center.

"GSA and DHS shared services are a good thing," said Esteve Mede, chief information security officer at the Federal Election Commission. The effectiveness of the program, he said, should be measured by how closely GSA and DHS will work with small agencies to help fit them into the larger federal cybersecurity strategy.

The move to provide CDM as a service, Amin told FCW after the panel, could only be a way station on a longer, possibly treacherous road for small agencies and cybersecurity.

While the CDM services can help cover cybersecurity needs, smaller agencies are feeling the technical personnel squeeze more acutely than larger agencies.

"It comes down to people" to watch and protect cyber systems in the federal government. The entire tech industry, Amin said, fights over qualified IT people and especially over excellent cybersecurity people. "How many cybersecurity experts are out there? It's a major challenge for small agencies," he said.

About the Author

Mark Rockwell is a senior staff writer at FCW, whose beat focuses on acquisition, the Department of Homeland Security and the Department of Energy.

Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, tele.com magazine and Wireless Week.

Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.

Click here for previous articles by Rockwell. Contact him at mrockwell@fcw.com or follow him on Twitter at @MRockwell4.

Nominate Today!

Nominations for the 2018 Federal 100 Awards are now being accepted, and are due by Dec. 23. 


Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group