Page 28 - FCW, Nov/Dec 2017
DATA ANALYTICS
Executive Viewpoint
A CONVERSATION WITH KEVIN COX
The CDM Program Manager discusses the direction of the CDM program and how each phase will help agencies improve risk management and strengthen cyber efforts.
SPONSORED CONTENT
KEVIN COX
CDM PROGRAM MANAGER, DHS
What is CDM, and how well is it understood by federal agencies?
CDM is Continuous Diagnostics and Mitigation, and we are working with agencies to implement technologies and processes to help them continuously monitor the cybersecurity posture. Within the agency teams we are working with, I think CDM is well understood. But it’s important to continually communicate what our program is about and its direction, and how it can help agencies do cybersecurity better.
What is it that you are doing - through the CDM program - to help agencies improve their cybersecurity?
We have two models we use. In the first, we break things up into multiple phases, with phase one helping agencies to understand what is on their networks; phase two helping them understand who their credentialed users are and how they are managing tasks on the network; and phase three helping them understand what is happening on their network, that proper boundary protections are in place and then to identify incidents as they occur. A fourth phase is aimed at getting additional protections in place for data, such as data loss prevention, data rights management, etc. I think that whole approach has also helped agencies understand what CDM is about.
The other is what we call the ABCD model, which is a layered model. The A layer is down at the system level, where we get all of the sensors and other technologies to get continuous monitoring deployed. The B layer is where we integrate all of the data from the various agency centers, so that we can normalize and standardize it. We feed everything from that to the C layer—the agency dashboard—where we provide object level data for the agencies to review and help track how their systems security is working in near real-time. The D layer is where we feed everything from the C level to the federal dashboard, which is how federal leadership can get a near real-time view of how all the government networks are working, which helps them with decision-making, prioritization, resource management and so on.
What benefits have agencies already seen from the CDM program?
Acquisition is one of the first big wins. We’ve been able to do procurements for multiple agencies at the same time, and as a result, have achieved significant savings with the volume discounts through the GSA Schedule 70 contracts. Second, we’ve identified quite a few more endpoints — servers, laptops, desktops, etc. — that are on agency networks that the agencies weren’t aware of before the CDM program. With that discovery, we’ve been getting actual tools deployed to help agencies ensure systems are properly patched and configured.
What can agencies do now to measure where they are with CDM and how well they are set up for the future?
It’s a matter of knowing which systems belong to which components or operational division within the agencies, and which stakeholders are associated with particular systems so they can be brought into the discussion. It’s also knowing what cybersecurity tools they already have in place, what the licensing of those tools is and up-to-date accounts of where the tools are deployed.
Agencies also need to really know their environment, their mission, culture, policies and procedures. When we have the best understanding from an agency about stakeholders, how the mission works and what the mission milestones and deadlines are, we can craft the program to conform more closely to the organization’s needs.
This interview continues at Carahsoft.com/innovation/DHS-cybersecurity