This second part of this interview can be found here.
Compared to other major federal programs, the Department of Homeland Security’s continuous diagnostics and mitigation program is still in its infancy. However, 2020 promises to be a big year for CDM.
Kevin Cox, CDM program manager at DHS, said his team is now deploying a new dashboard, so that agencies have the ability to use more analytics, business intelligence and better visualization when it comes to operationalizing their data. He said that was coming from both a risk management standpoint and a federal standpoint.
“In addition to all of that work, we’ve expanded out into our network security management arena,” Cox said on Federal Monthly Insights – CDM Month. “We are working with agencies to get a better understanding of what their perimeters look like, what data they already have out in the cloud.”
Some new cloud pilot planning is underway at agencies, both to better understand what data is available to see who has access to it on a continuous basis.
“We’re about to begin an effort to work with agencies to pull in their mobile asset data from their enterprise mobility management systems. So we’re venturing in on the mobile side,” he told Jason Miller on Federal Drive with Tom Temin.
Part of that operationalization process, and another key driver for CDM since 2019, Cox said, is making sure the data is good quality from ground sensor to the dashboard. Filling those gaps was a major concern of DHS’ CDM DEFEND task orders. DHS also needed to bring in more agencies which were not originally participating in the CDM program, which means making sure they have asset management capability, awareness of what’s connected to their networks, and identity and access management capability, Cox said.
The program has a shared service platform in the cloud for 34 non-CFO Act agencies in order to deploy such capabilities to them, rather than requiring them to build their own dashboards. But each agency can just see their own data, which is summarized to the federal dashboard, Cox explained.
But he acknowledged this process has not been easy, and that the more flexibility DHS has to meet a particular agency’s data needs the better.
“With larger agencies, when we implemented the DEFEND task orders that really expanded out the conversation we could have with each agency. We could take a look at the tool sets that they had in place and if those tool sets met our requirements, then we could utilize those to get the data that was needed to feed into the dashboard and on up to the federal dashboard,” he said.
For now, the General Services Administration will award a new contract for DEFEND group F, which Cox said will give DHS more flexibility to support the non-CFO Act agencies and expand out beyond basic asset, identity and access management solutions to a much fuller cybersecurity approach.