Recently, Billington hosted their 10th annual Cybersecurity Summit, one of the premier cybersecurity conferences where industry leaders and government officials join together to discuss the current state of cybersecurity. Several key themes presented themselves throughout the two-day summit, including cloud, cybersecurity legislation, and DHS’s Continuous Diagnostics and Mitigation program (CDM). Kevin Cox, the program manager of CDM at CISA, and private sector experts involved in the program discussed new developments and some of the benefits of CDM.
While updating the audience on CDM, Cox teased several important updates to the program expected soon, including a new dashboard system and an algorithm that will show agencies how they’re doing with basic cybersecurity measures — the Agency-Wide Adaptive Risk Enumeration (AWARE) algorithm. Cox said that 50 federal agencies are reporting data to the federal dashboard, 74 smaller agencies are using the CDM shared services dashboard, and 31 agencies are reporting AWARE scores.
CDM has largely been a success throughout the federal government. According to a recent MeriTalk report, 85% of federal and industry stakeholders said that CDM has improved federal cybersecurity, with its most helpful capability being the increased visibility about the federal government’s cybersecurity posture. Now the program should move ahead on a cloud initiative, as federal agencies and organizations have been moving to cloud for some time, and many are in multi- or hybrid-cloud environments.
Cox noted that the program office would begin to address cloud security, specifically, “work[ing] with the DHS team, agencies, system integrators, and DHS Cybersecurity Division partners to determine the right approach and scope for a cloud security proof of concept.”
Another speaker at Billington, McAfee SVP and CTO Steve Grobman, took part in a panel devoted to cloud security. The conversation focused on the differences between traditional computing and cloud computing, current cybersecurity issues, and how policy can change that landscape.
“Cloud has given us the ability to redefine the security architecture,” said Grobman. “Although we can secure our environment using a lot of new capabilities, we need to recognize that the scale that cloud operates and that the issues are going to be bigger.”
Moving applications and infrastructure to the cloud securely is something government agencies need to prioritize, and programs like CDM should give the workforce and federal agencies the tools they need to make this important transition. McAfee is working with federal, state and local governments to adopt cloud capabilities to better detect threats and establish procedures to work through how to recover.
Supporting CDM has been one of McAfee’s highest priorities for the past 10 years. We designed several products specifically to meet CDM requirements, and we remain committed to making the aims of CDM a reality both today and well into the future. We also appreciate that organizations such as Billington continue to advance the conversation on important topics like both CDM and cloud security. and look forward to assisting our federal partners on both.