Budget, workforce challenge CDM implementation

Shutterstock image (by Maksim Kabakou): pixelated shield, protection concept.  

Industry representatives told a House panel on Jan. 17 that a key cybersecurity program aimed at protecting federal networks was making progress, but budgetary and workforce setbacks are contributing to implementation delays.

The four-phase $6 billion Continuous Diagnostics and Mitigation program is designed to give civilian agencies access to tools and personnel to secure networks, identify trusted users and monitor network traffic.

The dearth of qualified cyber workers has a "tremendous impact" on CDM's implementation and effectiveness, Trey Hodgkins, the Information Technology Alliance's senior vice president for federal business, said during the hearing of the House Homeland Security Committee's Cybersecurity and Critical Infrastructure Subcommittee.

"It's a challenge for both the federal government and contracting employees to be deployed when they can't get their clearances through that process in a timely fashion," he said. "Imagine what we could do if we could get 10 percent" of the more than 700,000 backlogged applications cleared, he asked.

Hodgkins also said losing workers to the private sector was another contributing factor to the talent shortage, adding that there needed to be an effort to lure tech workers into the government.

Additionally, money was a central issue with many agencies lacking the resources to employ CDM. Hodgkins told Congress that agencies seemed to rely on resources Congress allotted to the Department of Homeland Security to trickle down and be used to implement CDM activities. Most civilian agencies receive CDM funding through DHS, but it doesn't cover the total cost of implementation.

"The inconsistent budget process has also contributed [to delays] because agencies cannot begin to spend dollars until they're appropriated," he said. "And if they're planning their execution, their identification of contractors, their identification of which tools they need … and we end up with a fiscal year where only five months are actually appropriated, it's too short of a time frame to effectively complete that, deploy the activity and get the dollars obligated for contractors."

Budget and workforce shortages aside, CDM vendors said they believe the program has provided a solid foundation for federal cybersecurity going forward.

"It's not a clear cut issue," Frank Dimina, the federal vice president for software company Splunk, which has a DHS CDM contract for data integration, told FCW following his testimony Jan. 17. "The early stages, we had to make some very complex decisions. They have to set up the architecture and the design.… That was a heavy lift, and now that is done we're bullish."

Dimina said that while CDM has had setbacks -- Phase 1 turned up some surprises when some agencies learned they had more devices connected to their network than anticipated -- there's more to be done.

"CDM has made great progress -- it's a foundation," he said, "and there are opportunities to do more.… We're at the halftime," and can look back and re-evaluate to see what's needed to go forward.

Dimina said CDM has significant data analytics potential that could help threat and vulnerability hunters and make federal systems more secure.

"That exact same data that is being collected [for risk awareness and risk scoring] without being changed, has extreme operational value," he told FCW, and "can make [the government's] job easier and more efficient."

Subcommittee Chairman Rep. John Ratcliffe (R-Texas) had bigger concerns about the potential exposure of the federal government to cybersecurity risks.

"The rapidly evolving threat landscape of the modern information age means that government must change its processes to ensure that we aren’t gathering more data than we can protect," he said in his opening statement.

About the Author

Lauren C. Williams is a staff writer at FCW covering defense and cybersecurity.

Prior to joining FCW, Williams was the tech reporter for ThinkProgress, where she covered everything from internet culture to national security issues. In past positions, Williams covered health care, politics and crime for various publications, including The Seattle Times.

Williams graduated with a master's in journalism from the University of Maryland, College Park and a bachelor's in dietetics from the University of Delaware. She can be contacted at, or follow her on Twitter @lalaurenista.

Click here for previous articles by Wiliams.


  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.