Two big lessons learned from CDM
- By Paul Parker
- Dec 20, 2018
Since its inception in 2013, the Department of Homeland Security's Continuous Diagnostics and Mitigation (CDM) program has demonstrated the value of continuous monitoring in an agency environment. Kevin Cox, CDM program manager at DHS, has said that CDM Phase 1 revealed more than 75 percent more assets attached to agency networks than had previously been known. Phase 2 of the CDM program is complete, and Phase 3 is under way.
In many cases, this aggressive effort is happening in parallel with expansive network modernization efforts that can pose security risks of their own. Migration from legacy to modern network architectures, such as software-defined networking (SDN), can create security blind spots that federal IT managers find difficult to identify, let alone overcome. These blind spots are particularly likely in agencies with hybrid IT and multi-cloud environments, where data passes between hosted service providers and the agency itself.
Consider this: the McKinsey Global Institute estimates that the number of connected devices will reach 25 to 50 billion by 2025. Picture even a fraction of those devices on a government network that is in the middle of a move to a more modern infrastructure, and it becomes clear how the growth of the internet of things (IoT) adds to current challenges.
The growth of IoT combined with the increased complexity of network environments has the potential to create a perfect security storm. Agencies need to be able to manage this increasing complexity at scale.
Fortunately, the CDM program provides a solid blueprint to help navigate complex environments and expose blind spots. With that in mind, let's look at two big lessons agencies participating in the CDM program have learned. Managers at other agencies can apply these lessons for better success in their own security efforts as well.
Hire the right people
Security budgets need to cover salaries, not just tools. Personnel with the right security skills come at a premium, because these professionals are in short supply. Research from Frost & Sullivan projects a cybersecurity skills shortfall of 1.5 million professionals by 2020, and hiring managers report that they are already struggling to fill the additional positions they need.
There is an enormous opportunity for government to take the lead here, and it is showing the willingness to do so. Programs like CDM and the Department of Defense's Comply to Connect exemplify efforts to invest in the proper tools to mitigate cyberthreats. But tools are just tools. Agencies need the correct personnel in place to manage those tools and set security policies. They should be able to understand the changing nature of cybersecurity threats and develop agency-specific programs to address those issues.
Use technology to enforce security policies and automate threat responses
The configuration and system security policies agencies develop can be enforced through automated cybersecurity solutions that monitor networks and respond to and mitigate threats in real time. Security information and event management (SIEM) and user device tracking solutions are the kinds of automated tools CDM-participating agencies use. With them, agencies continuously track logins and events (answering Phase 2's question, "Who is on the network?") and the devices present on their networks (answering Phase 1's question, "What is on the network?"). Tools like these have proven indispensable in the fight for better cybersecurity.
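The two CDM questions above are, at bottom, reconciliation problems: compare what the authoritative inventory says should be on the network against what the logs show actually is, and compare who is allowed to log in against who did. The following script is an added illustration written for this article, not SolarWinds, DHS or CDM program code. The inventory, the authorised-user list and the DHCP and authentication log lines are all constructed for the example, and the simplified syslog-like format is an assumption; a real deployment would parse the formats its own DHCP server and SIEM emit.

```python
"""
Reconcile an authoritative asset inventory against hosts and logins actually
observed on the wire. Added example for this article, not program code; the
inventory, user list and log format below are constructed for illustration.
"""
import re

# Hypothetical authoritative inventory (e.g. a CMDB export): MAC -> hostname.
KNOWN_ASSETS = {
    "00:1a:2b:3c:4d:01": "ws-fin-0101",
    "00:1a:2b:3c:4d:02": "ws-hr-0202",
    "00:1a:2b:3c:4d:03": "srv-db-01",
}

# Hypothetical list of accounts authorised for interactive logins.
AUTHORISED_USERS = {"alice", "bob", "svc_backup"}

# Constructed sample: DHCP lease events and authentication events,
# in a simplified syslog-like format (an assumption, not a real product format).
SAMPLE_LOG = """\
2018-12-19T08:01:02Z dhcp lease ip=10.0.1.15 mac=00:1a:2b:3c:4d:01
2018-12-19T08:01:09Z dhcp lease ip=10.0.1.16 mac=00:1a:2b:3c:4d:02
2018-12-19T08:02:31Z dhcp lease ip=10.0.1.77 mac=6c:3b:e5:aa:bb:cc
2018-12-19T08:03:44Z auth login user=alice src=10.0.1.15 result=success
2018-12-19T08:04:10Z auth login user=mallory src=10.0.1.77 result=success
2018-12-19T08:05:00Z auth login user=bob src=10.0.1.77 result=success
2018-12-19T08:05:30Z auth login user=eve src=10.0.1.16 result=failure
2018-12-19T08:06:12Z dhcp lease ip=10.0.1.78 mac=6c:3b:e5:aa:bb:cd
"""

DHCP_RE = re.compile(r"^(\S+) dhcp lease ip=(\S+) mac=(\S+)$")
AUTH_RE = re.compile(r"^(\S+) auth login user=(\S+) src=(\S+) result=(\S+)$")


def analyse(log_text, known_assets=KNOWN_ASSETS, authorised=AUTHORISED_USERS):
    """Walk the log in order, maintaining the lease table as it goes, so a
    login is attributed to whichever device held that IP at the time.
    Returns the unknown devices seen and a list of (timestamp, kind, detail)."""
    ip_to_mac = {}        # current lease table, built as lines are read
    unknown_devices = {}  # MAC -> first IP seen, for MACs absent from inventory
    findings = []
    for line in log_text.splitlines():
        m = DHCP_RE.match(line)
        if m:
            ts, ip, mac = m.groups()
            ip_to_mac[ip] = mac  # later leases for the same IP overwrite earlier ones
            if mac not in known_assets and mac not in unknown_devices:
                unknown_devices[mac] = ip
                findings.append((ts, "unknown_device", f"{mac} at {ip}"))
            continue
        m = AUTH_RE.match(line)
        if m:
            ts, user, src, result = m.groups()
            if result != "success":
                continue  # failed attempts are not counted as presence on the network
            mac = ip_to_mac.get(src)
            if mac is None:
                host = "<no lease seen>"
            else:
                host = known_assets.get(mac, "<unmanaged>")
            if user not in authorised:
                findings.append((ts, "unauthorised_user", f"{user} from {src} ({host})"))
            elif mac is None or mac not in known_assets:
                findings.append((ts, "login_from_unmanaged", f"{user} from {src} ({host})"))
    return {"unknown_devices": unknown_devices, "findings": findings}


def inventory_gap(report, known_assets=KNOWN_ASSETS):
    """How much bigger the observed population is than the inventory claimed,
    as a percentage of the inventory size (the 'more assets than known' figure)."""
    extra = len(report["unknown_devices"])
    return round(100.0 * extra / len(known_assets), 1)


if __name__ == "__main__":
    report = analyse(SAMPLE_LOG)
    for ts, kind, detail in report["findings"]:
        print(ts, kind, detail)
    print(f"observed {inventory_gap(report)}% more devices than the inventory lists")
```

Two design points matter in practice. The lease table is rebuilt in log order rather than looked up from a static snapshot, because DHCP addresses are reassigned and a login must be tied to the device that held the address at that moment, not whichever holds it now. And the script distinguishes a login by an unauthorised account from a login by an authorised account from an unmanaged device; the first is an identity problem (the Phase 2 question), the second is an asset-inventory gap (the Phase 1 question), and they route to different owners.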
That fight will likely be going on for a long time yet. Even though Phase 3 of the four-phase plan is upon us, there is still much work to be done, especially as networks grow in complexity.
The federal government understands this and is doing its part to simplify, standardize and improve the CDM program through legislation like the Advancing Cybersecurity Diagnostics and Mitigation Act. With its focus on continual improvement and innovation, the ACDMA is designed to help create a new and more agile CDM effort, one that can take the program and participating agencies into the next phase of their cybersecurity lifecycles.
Continuous network monitoring will likely play a significant role in those phases. Phases 1 and 2 have taught agencies that continuous network monitoring, when done correctly, can yield significant benefits. Following the lessons learned by the first few years of the CDM program can help all agencies set themselves up for improved cybersecurity success.
Paul Parker is chief technologist – Federal and National Government, SolarWinds.