The head of the Continuous Diagnostics and Mitigation (CDM) cybersecurity program says it is working to improve network visibility and data protection at agencies central to the coronavirus response, including vaccine research.
The CDM program’s parent agency, the Cybersecurity and Infrastructure Security Agency, has been “deeply engaged” with the different operational divisions at the Department of Health and Human Services, said Kevin Cox, the program’s manager. Intelligence has shown U.S. adversaries are looking to spy on U.S. vaccine research, and the Department of Justice announced Tuesday it had indicted two Chinese nationals on charges of conspiring with China’s intelligence agencies to steal data from organizations working on a medical breakthrough.
Cox also said the program is aiding the Small Business Administration, which is tasked with distributing loans to companies affected by the pandemic, and other agencies that took on similar jobs during the crisis this year.
“We’re helping to ensure they have a better understanding of what their networks look like — everything that’s connected,” Cox said, speaking during the launch of the Advanced Technology Academic Research Center‘s Security Working Group. “If they don’t know what’s on their network, they can’t protect it.”
CDM is also providing those agencies visibility into whether users are authorized or not and, to the extend the cloud is involved, working with providers and CISA’s Trusted Internet Connections and EINSTEIN teams to ensure proper security protections, Cox said.
“Number one, the system is protected as much as possible,” Cox said. “But should there be a compromise on the system, even if an adversary gets the data they can’t do anything with it.”
CDM deploys network monitoring tools to give agencies a better sense of who is inside and why. Increased telework during the pandemic has uncovered new gaps, and CDM is helping agencies address those, as funding allows, because the current environment could stick around “for some time,” Cox said.
Unrelated to its work around the coronavirus, CDM launched a data quality management initiative in the fall and finalized a plan in May that agencies are now implementing. CDM works to certify an agency’s cybersecurity data elements, and once they’re ready, the agency can use the Agency-Wide Adaptive Risk Enumeration (AWARE) algorithm to get a sense of its security posture and eventually use that information for risk management.
One CDM “tiger team” helped agencies understand how AWARE works, and a second is helping them understand their threat attack surface to be able to mature the algorithm to that risk management point.
“The holy grail here is getting ongoing authorization in place, where we no longer have to manually assess each of our systems every three years,’ Cox said. “Rather we can use near real-time tools and, in some cases, real-time tools to help show that our systems are secure.”