The Homeland Security Department no longer talks about the continuous diagnostics and mitigation (CDM) program in terms of phases.
After more than six years, the CDM program now is all about capabilities.
The next set of capabilities CDM is aiming to provide to agencies over the next 12-to-18 months are focused around four areas:
- Ongoing assessments
- Network access control
- Certificate management
- Mobile security
With mobile security, DHS says the goal is to give agencies visibility from their mobility device management systems by sending data to their agencywide cyber dashboard so they have greater understanding of their mobile devices.
DHS says initially it wants to focus on the visibility of the devices themselves so if there is a vulnerability of an Android or iPhone device, agencies will be able to see what their risks are.
Over the longer term, DHS wants to help agencies with mobile application management so they can ensure agencies have the right protections in place to secure the entire mobile environment.
In many ways, these new capabilities will help move agencies from the diagnostics portion of CDM and into the mitigation side. Because like with all aspects of security, you can’t manage mobile devices if you can’t see them.
So what will it take for agencies to implement these capabilities and how will the integration of CDM and mobile devices continue to improve their cybersecurity?
CDM Strategies and Mobility Programs
Where we are looking now is go to the next step to better manage applications on the mobile devices, the data and the access associated with the data. We are looking at Phase 3 [of CDM] to help improve those capabilities around USDA.
Adam Zeimet
Branch Chief, Identity, Credential and Access Management (ICAM), USDA
We are adding all these additional threat vectors which are difficult to see on a mobile device from a building where our server sits that is monitoring all of these devices. It’s really easy to intercept those signals in between. That is really this new added component of threat to mobile.
Micah Czigan
Associate Deputy CIO for Cybersecurity, Department of Energy
Data Risk Analytics, Customer Experience and Workforce
The early phases of CDM was all about understanding what’s on the network, who is on the network and what’s happening on the network. But the later phases are all about how you mitigate what you see and what your analytics have picked up, and then more importantly, can you really remediate those findings in an operational setting such that the work productivity doesn’t get impacted?
Andrew Lehfeldt
CDM Chief Strategist, MobileIron
Listen to the full show:
Copyright
© 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.