This first part of this interview can be found here.
A new tool for continuous diagnostics and mitigation across the federal government has several pilots underway. And the Department of Homeland Security is sending participant agencies data to get acclimated.
In May, DHS awarded its new CDM dashboard contract which was intended to bring better scalability, performance, visualization and analytics to agencies. According to Kevin Cox, CDM program manager at DHS, that was to ensure agencies receive the greatest value from their cybersecurity data, in order to better manage their risks.
Now through April, and the rest of the fiscal year, Cox said DHS is working with 15 agencies to be early adopters of the new dashboard. DHS is also implementing Elasticsearch deployments for the dashboard. Elastic is a search company which builds software-as-a-service products for needs such as application search, enterprise search, metrics and business analytics among other.
“What we’ll do is work with the agency themselves, work with their system integrator through the DEFEND task order, and then also work with our dashboard provider to set up the new agency dashboard at each of those agencies,” Cox said on Federal Monthly Insights – CDM Month. “And that will then enable us to feed the data into the new dashboard, get the agencies comfortable with it. And then once all of the data is flowing, once the agency is comfortable with it, then it would go into full operational. And then they could just continue to use the new dashboard going forward.”
He called the move to pilot the dashboard within 15 agencies at once a positive step. DHS will start with the CFO Act agencies because through the DEFEND task order, Cox said, they have broader flexibility and capability to support them. Once the DEFEND F task order is awarded to non-CFO Act agencies, they will look to deploy the dashboard technology later this year and into next.
“We’ve been really leaning in as much as we can to get it deployed as quickly as possible, because we do see the value in it – just in terms of what we can do from not only at the agency level, but also at the federal level in terms of helping better visualize agency environments and risk across the federal landscape,” Cox told Federal News Network Executive Editor Jason Miller on Federal Drive with Tom Temin.
The dashboard should also going to provide new capabilities around artificial intelligence and machine learning. That feeds into a bigger 2020 effort known as the Agency-Wide Adaptive Risk Enumeration (AWARE) score. Cox called it an algorithm, developed with the State and Justice Departments, which provides a good analysis of the attack surface of an agency. AWARE uses basic measurements such as vulnerability management and configuration management, weighted by age and criticality.
Adversaries are attacking or exploiting agencies to get to their networks via endpoints which are not patched well.
“So what we’re trying to do is measure how well each agency is doing in terms of managing their vulnerabilities, how they’re managing patching, how they’re managing configuration, and then that will give us a sense of is an agency doing well?” Cox said. “Are they shrinking their attack surface? Or does this agency need some additional help because they’re not getting things patched quickly enough or they’re not properly configured?”
AWARE helps DHS see what agencies are doing well in these areas and may have lessons to share with others.