New CDM bill aims for flexibility, newer tech


The Department of Homeland Security's Continuous Diagnostics and Mitigation program hasn't been around for very long, but overseers in Congress want to make sure the cybersecurity program remains on the cutting edge of the technology landscape for years to come.

A draft bill introduced by Rep. John Ratcliffe (R-Texas), chairman of the House Homeland Security subcommittee on Cybersecurity and Infrastructure Protection, would amend the 2002 Homeland Security Act to include CDM. The bill also gives the secretary of Homeland Security added flexibility around purchasing and reimbursement decisions that have vexed agency partners in the past.

It would also call for "regular improvement" of the CDM program, saying the secretary should "regularly deploy new technologies and modify existing technologies" where appropriate.

"Our goal with this new legislation is to help boost the long-term success of the CDM program by ensuring it keeps pace with the cutting-edge capabilities in the private sector," Ratcliffe said in a statement. "We're also safeguarding agencies from getting stuck with technologies that will soon become outdated or unsupported by their vendors."

In comments first reported by FCW, Ratcliffe said in March that he was considering legislation to address a range of problems that have hampered agency compliance for CDM, which Congress views as a key bulwark protecting federal agency networks from cyberattacks.

A congressional source speaking on background said the goal of the legislation is "to codify the program to give it some direction and teeth during the appropriations cycle" while relying on further actions by Congress down the road both legislatively and through oversight hearings to achieve greater buy-in to the program from federal agencies.

In addition to fostering the use of newer technology, the bill would also "make program capabilities available for use by any federal agency, with or without reimbursement."

Many partner agencies have complained about a convoluted funding structure for CDM, where agencies receive only partial funding from DHS that rarely covers the full cost of implementation. The bill would also give the DHS secretary the ability to employ "shared services, blanket purchase agreements and any other economic or procurement models" that maximize the cost savings associated with implementation.

The legislation also requires DHS to develop a comprehensive strategy for the program, including detailed descriptions of coordination required by federal agencies to achieve compliance, any obstacles facing the program, guidelines for federal agencies to continuously upgrade the program's tech and recommendations for feeding the resulting information created through the program into a data analytics and reporting platform.

Outside of the legislative process, program managers have spent the past year tweaking the CDM contracting and communications process, as well as the structure for new DEFEND task order contracts with vendor integrators, in response to feedback and in order to foster better coordination between DHS and federal agencies.

About the Author

Derek B. Johnson is a senior staff writer at FCW, covering governmentwide IT policy, cybersecurity and a range of other federal technology issues.

Prior to joining FCW, Johnson was a freelance technology journalist. His work has appeared in The Washington Post, GoodCall News, Foreign Policy Journal, Washington Technology, Elevation DC, Connection Newspapers and The Maryland Gazette.

Johnson has a Bachelor's degree in journalism from Hofstra University and a Master's degree in public policy from George Mason University. He can be contacted at, or follow him on Twitter @derekdoestech.
