CDM: The Best Defense is a Good Offense

Despite arsenals of cybersecurity tools and adherence to best practices, government agencies are experiencing more sophisticated and damaging cyberattacks than ever. According to a report from Cisco Systems, agencies are experiencing devastating attacks such as cryptojacking—network-based cryptoworms that allow cybercriminals to launch ransomware campaigns without human involvement. Cybercriminals increasingly are using techniques that make malware traffic virtually impossible to identify and using encryption to evade detection. The situation is no better at the state and local level where public sector agencies have experienced 137% more cyberattacks over the last few years.

The missing piece, government leaders believe, is finding a way to increase network visibility and quickly analyze and prioritize issues so they can be addressed in near real time. The answer is Continuous Diagnostics and Mitigation (CDM), an automated way to dynamically and continuously monitor networks, evaluate security risks, and determine the best way to address problems. CDM works in concert with agencies’ existing arsenal of cybersecurity tools.

For the past few years, the leader in promoting CDM and making tools available has been the Department of Homeland Security. Its CDM program and tools, and the Continuous Monitoring as a Service Blanket Purchase Agreement (BPA), will expire in August. To pick up the slack, GSA has issued a special item number (SIN) for CDM program tools that will allow federal, state and local agencies to identify and order CDM products more easily.

With the end of the BPA performance period, GSA understood that other organizations besides DHS could benefit from the processes established for the BPA to address their mandated cybersecurity requirements,” says Paul Shipe, Program Manager GSA for CDW-G.  By creating a dedicated CDM SIN, GSA provides customers with access to only approved products that have met established technical requirements, a streamlined acquisition approach, pre-screened and qualified providers, and fair and reasonable pricing.”

The CDM SIN covers five subcategories of CDM solutions:

What is on the network: Identify the existence of hardware, software, configuration characteristics and known security vulnerabilities. This includes hardware asset management, software asset management, configuration settings management and vulnerability management.

Who is on the network: Identifies and determines the users or systems with access authorization, authenticated permissions and granted resource rights. This includes managing trust in people granted access, security-related behavior, credential and authentication, and account/access/manage privileges.

 

How is the network protected: Determines the user/system actions and behavior at the network boundaries and within the computing infrastructure. This category focuses on management of network access controls.

What is happening on the network: Prepares for incidents, gathers data, and identifies intrusions through analysis of data. Includes preparing for and responding to contingencies and incidents, as well as ongoing assessment. It also includes design and build in requirements policy and planning and quality supply chain risk management, as well as managing audit information, operation security and ongoing authorization.

Emerging Tools and Technology: includes CDM cybersecurity tools and technology not in any other category.

With cloud computing growing throughout government, the ability to procure cloud services via GSA IT Schedule 70 eases the process. By using a pre-approved vendor with expertise in cloud computing in federal agencies – such as CDW-G – agencies can collaborate with a long-time government partner with a full complement of cloud-related services and offerings, along with a specialized government support team.