This past summer, the federal government’s Continuous Diagnostics and Mitigation program, better known as CDM, reached an important milestone. Nearly all 23 major agencies covered under the Chief Financial Officers Act were connected to a cyber security dashboard housed at the National Cyber Security and Communications Integration Center.
The dashboard plays an important role in the CDM process. The data used not only helps federal agencies analyze their own cyber security environment, but it provides the Department of Homeland Security with an extra set of eyes on the federal ecosystem as a whole.
The CDM program calls on federal agencies to take control of their networks. The four phases require agencies to understand what is on their network, who is on the network, what is happening on the network, and how that data will be protected. As federal agencies continue to complete these phases, they gain more and more awareness of the overall state of their network.
Data vs. Intelligence
CDM dashboards provide valuable data into the network, but that should be seen as checkpoint – albeit an important one – along a larger cyber journey. Federal agencies will want to turn this data into actionable cyber intelligence that guides fundamental change in network security.
Data provides valuable information, but intelligence provides the necessary context and technical details surrounding a threat. That intelligence can help agencies quickly assess cyber risk and implement proactive controls.
That is what CDM ultimately wants to accomplish. Yes, agencies need to know about the actions happening on their network, but they need that information to make real-time decisions to minimize overall risk.
As federal agencies move further ahead, they will want to ensure that these data dashboards become part of their overall security architecture. These dashboards must be incorporated into security operations centers, helping to guide cyber security decision-making.
Part of a Larger Plan
The CDM program, and the mandates it requires, should not be seen as a stand-alone offering. It is intended to be part of the foundation of a broader cyber security strategy. Agencies should recognize that CDM only establishes baseline functionality and that it should be seen as a springboard to develop more advanced capabilities.
The dashboards serve as a perfect example. Agencies will want to use this data to create deep intelligence structures that add visibility to their network. CDM serves as a great driver for agencies to implement an integrated cyber defense strategy that helps bring together multiple data sources to organize complex workflows.
Federal agencies continue to work on Phases 3 and 4 of CDM. As they move forward, they need to remember that CDM by itself will not protect information. It should be seen as a catalyst for other changes, one that can alter how federal agencies think about their network and how they manage risk.