DHS, SANS Institute join forces to give agencies cyber primer

Federal cybersecurity workers have gotten the message: A static defense of their computer networks and systems is no longer acceptable or useful.

But chief information security officers and other their staffs continue to struggle to move to a more dynamic approach, commonly known as continuous diagnostics and monitoring.

The Homeland Security Department awarded a blanket purchase agreement to 17 vendors in August worth about $6 billion to help agencies move in that direction.

But DHS is trying not to repeat failures of previous cyber contracts where agencies didn’t understand what they were buying or just didn’t take advantage of the products and services.

Instead, the agency is teaming with the SANS Institute to provide a one-day free training course detailing what CISOs and their staffs need to do to make continuous monitoring a reality inside their agencies.

“What’s key is, how do we overcome the barriers that have kept government agencies from doing a better job of securing their systems? And getting to continuous monitoring has been one of those problem areas. The more data you collect because you are monitoring more continuously, the more you have to do something with that data,” said John Pescatore, the director of emerging security trends for SANS. “You need technologies and processes to make that data work, and government agencies have found that can be expensive, manpower intensive. So the purpose of the workshops is to essentially highlight decision frameworks and processes government agencies can put into action to take advantage of the funding from this program that offers them both products and services completely funded by Congressional funding.”

Funding available; policy coming

Congress provided more than $180 million in the fiscal 2013 continuing resolution to help agencies implement continuous monitoring.

Pescatore said the BPA will help reduce procurement costs, but agencies need implementation help.

“The workshops are there to help them put together the right plans, the right processes and the right timelines to be able to deploy these products, integrate them, use their automation capabilities to take the some of the workload off the government’s security operations people and hear about the future of reporting and certification and accreditation of government systems and how that changes if you sign on to the continuous monitoring efforts,” he said.

SANS and DHS plan to host the workshop Nov. 6 in Washington. It will feature speeches and panels with Gene Dodaro, the Comptroller General of the U.S. from the Government Accountability Office, DHS’ director of Federal Network Resilience John Streufert, and Jane Lute, former DHS deputy secretary and now CEO for the Council on CyberSecurity. The session is free to federal employees, and contractors must pay to attend.

Additionally, Pescatore said the 17 vendors on the CDM contract can pay for the opportunity to present their products or services during the “shootout” part of the workshop. This is where vendors will be presented with real-world cyber scenarios and will get the opportunity to describe how their product or service would help mitigate the risk or vulnerability.

The workshop also comes as the Office of Management and Budget is finalizing a continuous monitoring implementation policy.

Recognizing the value of CDM

Pescatore said the goal is for CISOs and staffs to gain a better understanding in three key areas of continuous monitoring: vulnerability assessment, PC and server security and log management and security event management.

“The first thing will be to walk away with a better understanding of the technologies, how they work, how they integrate with things the government already is doing, and which of the 17 integrators are offering which products and which services,” he said. “They will come back the next day and take advantage of the CDM contract to start getting products and services procured to increase the security of your agency.”

Pescatore said agencies have struggled to process the data continuous monitoring produces.

“If you find only as many vulnerabilities as you could deal with are you better off if you found lots more vulnerabilities but you didn’t have the resources to deal with them, then you might be in a worse position,” he said. “For years, in the government more vulnerability scanning simply meant more data about vulnerabilities we couldn’t do anything about. So the mitigation part of the continuous diagnostics and mitigation contract is about making it easier to patch PCs and applications faster, and applications’ vulnerabilities as well.”

Pescatore said over the long term, CISOs and others will better understand how these CDM efforts will fit in with federal cybersecurity changes over the next year or more.

SANS approached DHS earlier this year for a speaker for a webinar on continuous monitoring. Pescatore said the webinar garnered 1,000 restraints and was a success. SANS is using the workshop to expand the issues covered in the webinar.


DHS to standardize cyber protections through new contract

Inside the Reporter’s Notebook: OMB adds clarity to new cyber policy; Cyber risks during shutdown overstated; OASIS delayed indefinitely

New group strives to clarify, simplify cyber basics for agencies