Apr 06 2020

DHS’ CDM Program Focuses on Shared Services Dashboard

The key government cybersecurity program aims to give agencies more value from their IT security data.

The Department of Homeland Security’s Continuous Diagnostics and Mitigation program is evolving to give agencies access to a dashboard of shared services that is designed to give them greater value out of the cybersecurity data they are collecting. 

A key goal of the new dashboard, the result of a contract DHS awarded in May 2019, is to give agency IT leaders greater awareness of cybersecurity vulnerabilities and how their IT security compares to that of other agencies. The dashboard aims to bring enhanced performance, visualization, scalability and data analytics to agencies.

Kevin Cox, the CDM program manager at DHS, tells Federal News Network that starting this month and through the rest of the fiscal year ending in September, DHS will be working with 15 agencies to pilot the use of the new dashboard. 

The publication also notes that DHS is “implementing Elasticsearch deployments for the dashboard. Elastic is a search company which builds software-as-a-service products for needs such as application search, enterprise search, metrics and business analytics.”

DHS Starts to Roll Out Enhanced Cybersecurity Dashboard

Starting this month, DHS will deploy the “minimum viable products” for the new agency dashboard, Judy Baltensperger, project manager for the dashboard of DHS’ Cybersecurity and Infrastructure Security Agency, tells Fifth Domain

The dashboard includes capabilities such as cybersecurity risk-scoring and ongoing assessment metrics. The dashboard will be updated again in August. 

The publication adds: 

In November, DHS will deliver with the federal dashboard’s minimum viable products, like system health monitoring and threat intelligence feed integration, with a subsequent update for both federal and agency dashboards coming in February 2021. “We’re going to focus on delivering simple features,” Baltensperger tells Fifth Domain. “Then through our scaled, agile software development, we’re going to iteratively make enhancements to each of these products, and we’re also going to be collecting user feedback from each one of [the] agencies.”

Agency IT leaders and officials will be able to provide feedback on the dashboard to a new user-experience feedback team within the CDM project management office, according to Fifth Domain. 

“The goal is going to be fit for use, operational data. We want you to trust the data that is in this dashboard, and we want to see you start to take action and make risk-based decisions on it,” Baltensperger says. 

Cox notes that DHS has spent the past few years refining the quality of the data that sensors on agency networks and in IT environments send up to agency and ultimately federal dashboards. 

DHS is also focused on bringing in more agencies that were not originally participating in the CDM program, Cox tells Federal News Network. DHS needed to make sure they had asset management capabilities, awareness of the devices connected to their networks and identity and access management capabilities, according to Cox. 

For 34 smaller, non-CFO Act agencies, DHS has provided them with a common shared service platform to serve as their CDM dashboard, although each small agency can see its own data individually as well, which is summarized in the larger federal dashboard. 

Cox notes that this process has not been easy, and DHS benefits when it has flexibility to meet each individual agency’s cybersecurity data needs. 

“With larger agencies, when we implemented the DEFEND task orders that really expanded out the conversation we could have with each agency,” Cox tells Federal News Network. “

“We could take a look at the tool sets that they had in place and if those tool sets met our requirements, then we could utilize those to get the data that was needed to feed into the dashboard and on up to the federal dashboard,” he says.

PeopleImages/Getty Images