New CDM bill aims for flexibility, newer tech


The Department of Homeland Security's Continuous Diagnostics and Mitigation program hasn't been around for very long, but overseers in Congress want to make sure the cybersecurity program remains on the cutting edge of the technology landscape for years to come.

A draft bill introduced by Rep. John Ratcliffe (R-Texas), chairman of the House Homeland Security subcommittee on Cybersecurity and Infrastructure Protection, would amend the 2002 Homeland Security Act to include CDM. The bill also gives the secretary of Homeland Security added flexibility around purchasing and reimbursement decisions that have vexed agency partners in the past.

It would also call for "regular improvement" of the CDM program, saying the secretary should "regularly deploy new technologies and modify existing technologies" where appropriate.

"Our goal with this new legislation is to help boost the long-term success of the CDM program by ensuring it keeps pace with the cutting-edge capabilities in the private sector," Ratcliffe said in a statement. "We're also safeguarding agencies from getting stuck with technologies that will soon become outdated or unsupported by their vendors."

In comments first reported by FCW, Ratcliffe said in March that he was considering legislation to address a range of problems that have hampered agency compliance for CDM, which Congress views as a key bulwark protecting federal agency networks from cyberattacks.

A congressional source speaking on background said the goal of the legislation is "to codify the program to give it some direction and teeth during the appropriations cycle" while relying on further actions by Congress down the road both legislatively and through oversight hearings to achieve greater buy-in to the program from federal agencies.

In addition to fostering the use of newer technology, the bill would also "make program capabilities available for use by any federal agency, with or without reimbursement."

Many partner agencies have complained about a convoluted funding structure for CDM, where agencies receive only partial funding from DHS that rarely covers the full cost of implementation. The bill would also give the DHS secretary the ability to employ "shared services, blanket purchase agreements and any other economic or procurement models" that maximize the cost savings associated with implementation.

The legislation also requires DHS to develop a comprehensive strategy for the program, including detailed descriptions of coordination required by federal agencies to achieve compliance, any obstacles facing the program, guidelines for federal agencies to continuously upgrade the program's tech and recommendations for feeding the resulting information created through the program into a data analytics and reporting platform.

Outside of the legislative process, program managers have spent the past year tweaking the CDM contracting and communications process, as well as the structure for new DEFEND task order contracts with vendor integrators, in response to feedback and in order to foster better coordination between DHS and federal agencies.

About the Author

Derek B. Johnson is a senior staff writer at FCW, covering governmentwide IT policy, cybersecurity and a range of other federal technology issues.

Prior to joining FCW, Johnson was a freelance technology journalist. His work has appeared in The Washington Post, GoodCall News, Foreign Policy Journal, Washington Technology, Elevation DC, Connection Newspapers and The Maryland Gazette.

Johnson has a Bachelor's degree in journalism from Hofstra University and a Master's degree in public policy from George Mason University. He can be contacted at [email protected], or follow him on Twitter @derekdoestech.
