The fallout from the OPM breach continues with news that clearance information may have been stolen and that more than 10 million federal employee records may have been breached. In response, the White House has ordered every agency to engage in a “30 day sprint” to shore up and bolster their defensive cybersecurity capabilities. During this time, agencies will be asked to focus on protecting data, improving situational awareness, increasing cyber proficiency, and making improvements in other critical areas. But with such a short time frame to make these changes, some agencies are left wondering if there is a roadmap or best practices that can guide these improvements.
The Continuous Diagnostics and Mitigation (CDM) program laid out by DHS may provide just the tools these agencies need during the 30-day sprint. CDM is an evolution of the government’s security model, and gives agencies the tools to identity, monitor, and respond to threats on a continuous basis. It gives agencies insight into all the assets connected to their networks and potential vulnerabilities from a central dashboard. With automated monitoring, CDM collects information across an agency’s enterprise environment and prioritizes potential risks for security professionals in real time, helping them spend less time on identifying threats and more time responding to them. It provides better visibility and strengthens existing defenses, helping to improve overall posture.
When the capabilities of CDM are compared to the goals of the 30-day sprint, it becomes evident that they are complementary. CDM can improve situational awareness, improve defenses in the most vulnerable areas, and streamline processes to let help acheive better. It increases efficiencies and lets agencies achieve better security outcomes without spending more on new security products. During the next few weeks as government agencies make important moves to bolster their cyber capabilities, they should look to the CDM program as a guiding light that can ultimately make them safer.