The Department of Homeland Security is pushing the ball forward on its Continuous Diagnostics and Mitigation cybersecurity program, specifically with the federal dashboard that monitors governmentwide cyber risk across agencies.
In late May, DHS awarded a contract worth $276 million to enhance the CDM dashboard into “a state-of-the-art ecosystem that includes ongoing advancements in data visualization, data ingest, indexing, and search performance,” according to a press release. Cybersecurity analytics will be delivered using business intelligence, artificial intelligence and machine learning technologies.
“It’s going to take us a few years to get everything in place, but this is what’s going to enable us to get to the more advanced capabilities,” CDM Program Manager Kevin Cox said at an industry event shortly before the contract was awarded, according to FCW.
“Being able to bring in machine learning to interact with the data and get additional value for the agencies, bringing in AI to write the algorithms to really expand out what we can do with the data,” Cox added. “Because we do really have a treasure trove of data here, not just from a security standpoint, but also from an operational standpoint.”
How Does DHS’ CDM Program Work?
Under CDM, agencies go through four phases (which DHS has started to call “capabilities”): identifying what is on the network, identifying who is on the network, describing what is happening on the network and defining how data is protected.
The CDM program gives agencies the resources to achieve these goals, including commercial hardware, software and services. Once the tools are in place, an agency will be better able to monitor its networks and respond nearly instantly to a vulnerability.
Agencies install sensors in their networks and infrastructure that perform an ongoing, automated search for known cybersecurity flaws. Data from the sensors feeds into an agency dashboard, which in turn creates customized reports that alert network managers to their most critical cyber risks, according to DHS.
“Prioritized alerts enable agencies to efficiently allocate resources based on the severity of the risk. Progress reports track results, which can be used to compare security postures among agency networks,” DHS notes on its website.
Summary information from the agency-level dashboards feeds into a federal enterprise-level dashboard built with RSA Archer, which is used to inform key decision-makers and provide situational awareness into the cybersecurity risk posture across the government.
New CDM Dashboard Capabilities to Come Online
The new CDM dashboard is designed to bring significant enhancements to the federal dashboard.
These include a threat intelligence platform for governmentwide threat indicator sharing, as well as integration of the Agency-Wide Adaptive Risk Enumeration (AWARE) risk-scoring algorithm. AWARE, similar to a cybersecurity credit score, allows agencies to prioritize vulnerability mitigation by combining threat data with agency dashboard data on the existence of known vulnerabilities and the Federal Information Processing Standard Publication 199 (FIPS 199) information system impact level (high, moderate or low), as a White House report notes.
The new dashboard will also support the deployment of security orchestration, automation and response tools to automate cybersecurity defenses and the remediation of vulnerabilities.
With CDM, DHS isn’t just focused on the larger 23 Chief Financial Officers Act agencies; smaller agencies and micro-agencies are also being brought into the program. DHS has stood up a shared-service platform for those smaller agencies, and it has been deployed for at least 19 of these agencies so far, Cox told FedTech in a previous article.
“Each agency has its own dashboard in the multitenant, shared-service environment. All of those dashboards report up to the federal dashboard,” he says.
With a new statement of work expected this summer for the next iteration of the shared-service platform, DHS plans to expand the scope and range of available shared services. The program has another 57 memorandums of agreement in place with other non-CFO Act agencies. “At the end of the day, we’re continuing to work to provide all of the non-CFO Act agencies access to our services and to the visibility that they need,” Cox says.