Insight By MobileIron

The integration of mobile devices, CDM to reduce cyber risks

The Homeland Security Department no longer talks about the continuous diagnostics and mitigation (CDM)  program in terms of phases.

After more than six years, the CDM program now is all about capabilities.

The next set of capabilities CDM is aiming to provide to agencies over the next 12-to-18 months are focused around four areas:

  • Ongoing assessments
  • Network access control
  • Certificate management
  • Mobile security

With mobile security, DHS says the goal is to give agencies visibility from their mobility device management systems by sending data to their agencywide cyber dashboard so they have greater understanding of their mobile devices.

DHS says initially it wants to focus on the visibility of the devices themselves so if there is a vulnerability of an Android or iPhone device, agencies will be able to see what their risks are.

Over the longer term, DHS wants to help agencies with mobile application management so they can ensure agencies have the right protections in place to secure the entire mobile environment.

In many ways, these new capabilities will help move agencies from the diagnostics portion of CDM and into the mitigation side. Because like with all aspects of security, you can’t manage mobile devices if you can’t see them.

So what will it take for agencies to implement these capabilities and how will the integration of CDM and mobile devices continue to improve their cybersecurity?

CDM Strategies and Mobility Programs

Where we are looking now is go to the next step to better manage applications on the mobile devices, the data and the access associated with the data. We are looking at Phase 3 [of CDM] to help improve those capabilities around USDA.

Mobility Threat Vectors

We are adding all these additional threat vectors which are difficult to see on a mobile device from a building where our server sits that is monitoring all of these devices. It’s really easy to intercept those signals in between. That is really this new added component of threat to mobile.

Data Risk Analytics, Customer Experience and Workforce

The early phases of CDM was all about understanding what’s on the network, who is on the network and what’s happening on the network. But the later phases are all about how you mitigate what you see and what your analytics have picked up, and then more importantly, can you really remediate those findings in an operational setting such that the work productivity doesn’t get impacted?

Listen to the full show:

Panel of experts

  • Adam Zeimet

    Branch Chief, Identity, Credential and Access Management (ICAM), USDA

  • Stephen Booher

    Lead Mobile Systems Architect, CDM Program, Booz Allen Hamilton

  • Micah Czigan

    Associate Deputy CIO for Cybersecurity, Department of Energy

  • Andrew Lehfeldt

    CDM Chief Strategist, MobileIron

  • Jason Miller

    Executive Editor, Federal News Network

Sign up for breaking news alerts