The Cybersecurity and Infrastructure Security Agency is pushing the continuous diagnostics and mitigation (CDM) program to the edge.
CISA will spend a chunk of its $650 million windfall from the American Rescue Plan Act to install cyber tools at the endpoints of agency networks.
Kevin Cox, the outgoing program manager of the CDM program at CISA, said he’s moving the tools closer to the edge as an example of the lessons learned and how he’s leaving the cyber initiative in a better place four years after taking the helm.
“Because of the acquisition approach we have in place that gives us the flexibility we need, we can work with our teams within Cisco, we can work with the agencies, and we can work with the industry community to figure out the right way forward to get the endpoint detection response (EDR) capabilities deployed, get that visibility for the agencies and help support federal leadership’s understanding of really what the overall federal threat landscape looks like, so that we can get in front of our adversaries and prevent them from being able to get on our networks and disrupt or exfiltrate data,” Cox said on Ask the CIO. “That’s an example of where we’ve been able to make adjustments. We’ve been able to emphasize newer approaches and newer technologies than what we originally started out with as a program.”
Cox, who is leaving CISA to become the deputy chief information officer at the Justice Department, said the ability to shift on a dime to address threats and vulnerabilities at the endpoints was built up over time. CISA had to reimagine how it was rolling out CDM tools and get long-term, service- rather than product-focused contracts in place.
“What we realized was that when CDM started, some of the timelines we originally envisioned were much more aggressive than could be achieved when you’re dealing with one of the largest organizations in the world, which is the federal civilian executive branch, and really being able to account for all the differences within each of the mission spaces. Within each of the organizations, some organizations being very federated with different mission spaces that have their own budgets, have their own ability to provide their own direction, and so we needed to be able to adjust to that, make adjustments on the timeline, but also recognize that there were a broader set of capabilities that we needed to deploy, that would be able to do more for the agencies in what may have originally been envisioned for the program,” he said. “We changed from the nomenclature of phases to capabilities. We recognized that we needed additional time on the contracts to fill the gaps with asset management and fill gaps on the user side as well.”
The most recent gap CDM is trying to fill, along with the endpoint detection and response capabilities, is the dashboard.
Cox said the CDM program management office is on track to implement the dashboard and its corresponding capabilities at all 23 CFO Act civilian agencies by the end of fiscal 2021. CISA currently has deployed the dashboard at 13 agencies.
“We’ve been working to get that new dashboard in place and have made great strides this year. We are in the process now starting to take the feeds up from the agencies,” Cox said. “All of those changes really have expanded out what CDM can do to help us achieve some really critical successes. Now all we need to do is just continue that work, get the data up to the federal dashboard, and really lean in to make sure that we have good data quality throughout the whole system, or set of systems. We also want to really make sure that the agencies as well as federal leadership are getting the value from the data.”
Two shared services on tap
As part of this expansion, Cox said CDM also is rolling out a dashboard-as-a-service offering to some of the large agencies and a shared service for the small and micro agencies.
The dashboard-as-a-service will remove the need for agencies to build a back-end system to store and manage the data, and the customer agencies just need to focus on ensuring the data feeds work.
CDM, so far, has deployed the dashboard shared service at 40 small and micro agencies.
“Rather than work to deploy an individual dashboard to each of those smaller agencies, and then put the burden on them to manage the individual dashboard, we build out a shared service where their data is similar to the dashboard-as-a-service that we’re offering to the CFO Act agencies. Now the shared service platform enables the agencies to feed their data to this shared environment,” Cox said. “The environment is scalable, flexible, it’s multi-tenant, and each agency only sees their data.”
CDM will roll out the second version of the shared service around July. It will provide a wider number of cybersecurity capabilities.
“With the smaller agencies reporting to the shared service platform, we’ll be able to capture their summary data and feed it up to the federal dashboard from that single platform, rather than having to work one-by-one with individual dashboards and read that data,” he said. “With the new dashboards, we’ve really been able to expand out our offerings, expand out the ability to take in greater volumes of data and at the end of the day to operationalize it to make it valuable to the agencies and to federal leadership.”
As Cox moves to his new position at Justice, he’s confident in the team that will continue to manage CDM.
He said one of his biggest lessons learned from managing CDM over the last four years is the importance of building and maintaining relationships with other agencies and with industry. The CDM team he is leaving has created and maintains many of those connections.
“What I’m going to be bringing back [to Justice] is now a wider understanding of how the federal government works, at least on the civilian side. I better understand what we can do in terms of working with our other civilian agency partners looking to build relationships out there. But also just being able to bring that perspective in looking at the federated nature within Justice and all their different mission sets,” he said. “I think looking at how we can through the relationship building, through the trust in looking at the needs to support the mission, that we can bring new ideas, push to get the appropriate funding, to support those ideas to help the mission go even further and help the mission achieve its objectives. The ability to really look at the broader technology, not just on a security standpoint, but from a broader cloud and mobile, and broader information technology standpoint. That really will help me be able to provide greater value in what I will set out to do supporting Justice.”