DHS to Focus CDM Program on EMM Data, Cyber Risk Scores

The cybersecurity program will evolve to focus on mobile and cloud security and will help agencies use machine learning.

As fiscal year 2020 rolls into view, the Department of Homeland Security’s Continuous Diagnostics and Mitigation program is not just getting a new governmentwide cybersecurity dashboard. It will also be homing in on new areas of cybersecurity data.

Kevin Cox, DHS’ CDM program manager, said earlier this month that the program will look to integrate federal agency management mobile asset data into agency CDM dashboards, MeriTalk reports.

Additionally, starting Oct. 1, agencies will be able to compare their cybersecurity risk scores to the federal average as part of the dashboards, according to FedScoop

“We’re going to, out of the gate, have better visualization of the data for agencies, but we’re also looking to bring in better analytics, better business intelligence, as well as, ultimately, machine learning capabilities — being able to apply that to the data so that agencies are getting maximum benefit from their cybersecurity data,” Cox said Sept. 5 while speaking at the Billington CyberSecurity conference in Washington, D.C., Fifth Domain reports.

MORE FROM FEDTECH: Find out how the NIST Risk Management Framework helps boost agencies’ cybersecurity. 

DHS Lays Out Technology and Data Priorities for CDM

Automated discovery tools at agencies have discovered 75 percent more assets on federal networks than agencies found via manual discovery, Cox said, according to Fifth Domain. 

However, there are millions of devices on agencies’ networks. “We want to help the agencies get full understanding of all the privileged users,” Cox said.

Over the past year, the CDM program gathered more data about the cloud service providers agencies are using and their cloud environments. CDM plans to launch proof-of-concept work on cloud security, Cox said. 

According to Cox’s presentation slides, the program office plans to “work with the DHS team, agencies, system integrators, and DHS Cybersecurity Division partners to determine the right approach and scope for a cloud security proof of concept,” MeriTalk reports.

DHS will also expand pilots with additional agencies to protect their high-value assets. The agency expects to “explore the possibility of having at least one pilot per DEFEND group,” according to presentation slides, referring to the Dynamic and Evolving Federal Enterprise Network Defense task order.

Machine learning will also be a factor in agencies’ cybersecurity postures in the future, Cox said. CDM collects network data in a way that’s “aligned” for machine learning analysis, Cox said, according to Fifth Domain. “We’re helping the agencies get those fundamentals in place so they can benefit from these new technologies,” he said.

MORE FROM FEDTECH: Discover how forensic IT tools lead agencies to better answers after breaches.

Agencies Will get to Compare Cyber Risk Scores

Starting Oct. 1, agencies that have access to the new dashboard will be able to compare their cybersecurity risk scores, known as the Agency-Wide Adaptive Risk Enumeration risk-scoring algorithm, or AWARE.

As FedScoop notes, AWARE “measures how agencies are doing on basic security practices like vulnerability, patch and configuration management in near real time. A smaller cumulative score represents a smaller cyberattack surface.”

When it comes to AWARE, 23 Chief Financial Officers Act agencies and 30 other smaller agencies are scheduled to get AWARE scores, with 40 more coming sometime thereafter, Cox said, according to FedScoop.

“We want to be careful not to share the scores out publicly because we know adversaries will be looking to see which agencies are having problems so they can go target them,” Cox said. “But there may be ways where, once everybody feels comfortable with their AWARE score — all the data is in good shape — that we share it with the deputy secretaries and everybody sees everybody else’s score.”

BlackJack3D/Getty Images
Sep 30 2019

Sponsors