Budget, workforce challenge CDM implementation

Industry representatives told a House panel on Jan. 17 that a key cybersecurity program aimed at protecting federal networks was making progress, but budgetary and workforce setbacks are contributing to implementation delays.

The four-phase $6 billion Continuous Diagnostics and Mitigation program is designed to give civilian agencies access to tools and personnel to secure networks, identify trusted users and monitor network traffic.

The dearth of qualified cyber workers has a "tremendous impact" on CDM's implementation and effectiveness, Trey Hodgkins, the Information Technology Alliance's senior vice president for federal business, said during the hearing of the House Homeland Security Committee's Cybersecurity and Critical Infrastructure Subcommittee.

"It's a challenge for both the federal government and contracting employees to be deployed when they can't get their clearances through that process in a timely fashion," he said. "Imagine what we could do if we could get 10 percent" of the more than 700,000 backlogged applications cleared, he asked.

Hodgkins said losing workers to the private sector was another factor contributing to the talent shortage, adding that there needed to be an effort to lure tech workers into the government.

Money was also a central issue, with many agencies lacking the resources to employ CDM. Hodgkins told Congress that agencies seemed to rely on resources Congress allotted to the Department of Homeland Security to trickle down and be used to implement CDM activities. Most civilian agencies receive CDM funding through DHS, but it doesn't cover the total cost of implementation.

"The inconsistent budget process has also contributed [to delays] because agencies cannot begin to spend dollars until they're appropriated," he said. "And if they're planning their execution, their identification of contractors, their identification of which tools they need … and we end up with a fiscal year where only five months are actually appropriated, it's too short of a time frame to effectively complete that, deploy the activity and get the dollars obligated for contractors."

Budget and workforce shortages aside, CDM vendors said they believe the program has provided a solid foundation for federal cybersecurity going forward.

"It's not a clear cut issue," Frank Dimina, the federal vice president for software company Splunk, which has a DHS CDM contract for data integration, told FCW following his testimony Jan. 17. "The early stages, we had to make some very complex decisions. They have to set up the architecture and the design.… That was a heavy lift, and now that is done we're bullish."

Dimina said that while CDM has had setbacks -- Phase 1 turned up some surprises when some agencies learned they had more devices connected to their network than anticipated -- there's more to be done.

"CDM has made great progress -- it's a foundation," he said, "and there are opportunities to do more.… We're at the halftime," and can look back and re-evaluate to see what's needed to go forward.

Dimina said CDM has significant data analytics potential that could help threat and vulnerability hunters and make federal systems more secure.

"That exact same data that is being collected [for risk awareness and risk scoring] without being changed, has extreme operational value," he told FCW, and "can make [the government's] job easier and more efficient."

Subcommittee Chairman Rep. John Ratcliffe (R-Texas) had bigger concerns about the potential exposure of the federal government to cybersecurity risks.

"The rapidly evolving threat landscape of the modern information age means that government must change its processes to ensure that we aren’t gathering more data than we can protect," he said in his opening statement.

About the Author

Lauren C. Williams is a staff writer at FCW covering defense and cybersecurity.

Prior to joining FCW, Williams was the tech reporter for ThinkProgress, where she covered everything from internet culture to national security issues. In past positions, Williams covered health care, politics and crime for various publications, including The Seattle Times.

Williams graduated with a master's in journalism from the University of Maryland, College Park and a bachelor's in dietetics from the University of Delaware. Follow her on Twitter @lalaurenista.
