Several agencies are taking a more measured approach in implementing the Continuous Diagnostics and Mitigation program in order to make better sense of their data.
Begun by the Department of Homeland Security in 2012, CDM participation was mandated of agencies by the Office of Management and Budget in 2018. Still, the Government Accountability Office found in December that nearly three-quarters of agencies were behind in implementing CDM capabilities like network security and data protection.
Both the departments of Energy and Health and Human Services started with on-premise continuous monitoring and are now considering how to migrate to the cloud while consolidating data centers.
“I think the biggest thing for us is slowing down, as opposed to speeding to the cloud,” Greg Sisson, deputy chief information security officer at DOE, said during a panel discussion at the 2019 Cloud Smart Talks summit, presented by Nutanix and produced by FedScoop.
DOE wants to increase cybersecurity visibility across its national labs and sites, Sisson said. But rather than focusing on which tools to deploy, the department is first assessing the data it needs. Once DOE implements a Factor Analysis of Information Risk, or FAIR, risk-assessment model, then it can start its cloud migration pilot, he added.
Similarly, HHS is taking stock of its data to determine how to best safeguard the information, said Oki Mek, chief technology officer for the acquisition division at HHS.
“I’m not even talking about advanced [artificial intelligence],” Mek said. “I just want something that clusters the data and puts it in the right place and makes sense of it so I understand it. I think that’s the biggest help that our federal agency needs.”
Long term the department believes it can automate the CDM program, including the authority to operate process, using blockchain, he added.
Other agencies like the Small Business Administration are already in the fourth phase of CDM.
In 2017, SBA started its cloud migration, and last year, it launched a Trusted Internet Connection pilot to prove it could meet CDM’s goals within a cloud-based model. Last week, SBA finished another 90-day pilot modernizing CDM, said Sanjay Gupta, CTO of the agency.
Now SBA has one set of scalable, cloud-based cyber tools for monitoring, flagging and remediating threats across on-premise, cloud and hybrid environments, Gupta said.
The agency ingests half a terabyte of data daily from its biggest assets and processes them in the cloud via microservices.
“We are paying pennies on the dollar to process this data on a daily basis,” Gupta said.