Continuous Diagnostics and Mitigation Phases 3 and 4 Require a Holistic Cyber Approach

As the Continuous Diagnostics and Mitigation (CDM) program enters another stage, it requires a new way of thinking. While agencies will continue to buy tools to fill gaps in their defenses, they need to start thinking about how those tools fit into their larger cyber security strategy.

The first two phases of the program were very much tool-oriented, with a focus on automating the ability to detect the assets and people on a network. The task orders, issued against the CDM Tools/Continuous Monitoring as a Service blanket purchase agreements, typically ran two or three years.

CDM efforts shift gears with Phases 3 and 4, which are focused on more advanced capabilities, including incident response, mobile security, cloud security, network access controls and data protection.

Phase 3 and 4 task orders, which will be placed against the Dynamic and Evolving Federal Enterprise Network Defense (DEFEND) task order series through Alliant (and later Alliant 2), will run as long as six or seven years, reflecting the greater complexity of the work to be done.

These advanced capabilities will help agencies make significant strides in strengthening their cyber posture. Yet as important as these capabilities are, they can only go so far as long as they are deployed as stand-alone functions and not as part of an integrated cyber defense strategy.

Think about it from the perspective of a security operations center (SOC). The goal is not just to improve the security of cloud operations, for example, but to identify and mitigate threats to data and applications wherever they reside—whether in the cloud, in on-premise systems or mobile devices—and to understand how those threats to the cloud fit into the organization’s larger threat surface.

In acquiring CDM products and services to address different threat vectors, agencies need to think about this larger picture—about how the CDM offerings will work with each other and with other solutions in their enterprise.

And it’s more than a matter of integrating tools from a technical perspective. It’s about creating an integrated cyber defense platform that provides an agency with the ability to manage security operations across the entire enterprise, from identifying potential events and analyzing threat intelligence to orchestrating responses.

This holistic approach is even more important as we look to the future. In July, Rep. John Ratcliffe (R-Texas) introduced the Advancing CDM Act, which among other things would require DHS to ensure that CDM keeps up with advances in cyber security capabilities.

Whatever the fate of this particular proposal, it highlights the need for agencies to keep pace with advances in the private sector. Without a doubt, Symantec and other companies will be developing new tools that we cannot even imagine today. By establishing an integrated cyber defense platform now, agencies will be in a better position to quickly incorporate such advances into their operations.

It’s important to remember that CDM was never intended to be a comprehensive solution. Rather, the program was designed to provide a foundation for a true risk-based approach to cyber security, with a broader spectrum of cyber tools being required to address the risks. To realize the full benefits of CDM, agencies need to approach the program as a part of a more holistic cyber strategy.

Read more HERE about Continuous Diagnostics and Mitigation from the Department of Homeland Security.