Connect with us

Hi, what are you looking for?

Hard News Hard Hitting News Source Global Political News

Cyber Security

CISA’s CDM program gears up for a new era in cyber defense

How a cornerstone cybersecurity program has evolved from information collection to active defense.

The Cybersecurity and Infrastructure Security Agency has used its Continuous Diagnostics and Mitigation program in recent years to disrupt major cyberattacks and improve overall cybersecurity across the federal government, but officials now say it’s time for the initiative to expand to continue combatting emerging threats. 

The CDM program has been credited with mitigating recent cyber incidents, including the MOVEit mass exploit earlier this year that impacted both on-premise and cloud-based versions of a popular file transfer service used by multiple federal agencies. 

With more than $400 million included in the Biden administration’s fiscal 2024 budget request for the CDM program, the nation’s cyber defense agency has indicated that it wants to launch a “new era” of CDM largely focusing on advanced, proactive cyber defense operations. 

“I hope as CDM goes forward, there’ll be a focus more broadly on access management,” Ross Foard, a senior engineer for CISA’s cybersecurity division, said on Wednesday at an event hosted by the nonprofit AFCEA. 

Foard said his team is currently exploring methods to categorize various types of credentials that the CDM program can help manage in cloud environments as part of a broader effort to ensure agencies are complying with the Federal Information Security Modernization Act and other federal information security requirements.

“We’re not well positioned for that right now,” he acknowledged, noting how the CDM program has traditionally focused on mitigating vulnerabilities within legacy environments. 

CDM can be used to identify and prevent unauthorized access to information technology systems, as well as assist in managing user credentials and ensure secure authentication methods are used to access federal networks. CISA also launched a federal dashboard that automatically collects data from agency-specific CDM dashboards and provides real-time insights that can be used to assist in incident response efforts. 

When the Department of Homeland Security’s CDM program first launched in 2012, agencies lacked automated methods to share information about the devices and software operating in their networks. DHS was focused largely on standardizing cybersecurity capabilities across government and cybersecurity was one of many duties of CISA’s predecessor agency, the National Protection and Programs Directorate

Rosa Smothers, a former CIA cyber threat analyst and executive at the cybersecurity firm KnowBe4, described the CDM program as “a series of defense capabilities” that DHS implemented in response to the National Institute of Standards and Technology’s Information Security Continuous Monitoring guidelines published in September 2011. 

“The NIST concept is to ensure consistent monitoring capabilities with proactive data validity,” Smothers told Nextgov/FCW, describing the CDM program as another layer of federally required cybersecurity measures “to ensure agencies have the tools to assess and address risks on their networks.”

By the spring 2023, all 24 Chief Financial Officer Act agencies were sharing continuous insights with CISA about their operating environments, providing enhanced, government-wide visibility. 

The program’s milestones can be attributed in part to the Biden administration’s 2021 cybersecurity executive order and other White House efforts to reduce vulnerabilities across the federal enterprise, according to a recent blog post published by Michael Duffy, CISA’s associate director for capacity building. 

“The capabilities of CDM today are in stark contrast to those of just a few years ago,” Duffy wrote. “CDM is no longer a static effort to standardize agency capabilities and collect cybersecurity information, but rather the U.S. government’s cornerstone for proactive, coordinated and agile cyber defense of the federal enterprise.”

Source: https://www.nextgov.com/cybersecurity/2023/09/cisas-cdm-program-gears-new-era-cyber-defense/390089/

Advertisement. Scroll to continue reading.
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

You May Also Like

Cyber Security

A group of Researchers unearthed critical code Proton Mail vulnerabilities that could have jeopardized the security of Proton Mail, a renowned privacy-focused webmail service. ...

Cyber Security

We are glad to present the most recent news on cybersecurity in this week’s Threat and Vulnerability Roundup from Cyber Writes.  The latest attack...

Cyber Security

Cybercriminals are increasingly leveraging extreme weather events to launch attacks on critical infrastructure sectors. Cybersecurity experts say critical infrastructure operators can leverage a set...

Cyber Security

A new report says a cyber threat actor within Russia’s military intelligence service leveraged a novel malware campaign targeting Android devices used by the...

Copyright © 2023 Hard News Herd Hitting in Your Face News Source | World News | Breaking News | US News | Political News Website by Top Search SEO