The Cybersecurity and Infrastructure Security Agency’s (CISA) Continuous Diagnostics and Mitigation (CDM) program is focusing closely on a range of goals for the remainder of fiscal year (FY) 2024 including expanding the program’s asset management capabilities to include mobile and cloud services, and leveraging the fruits of the program’s endpoint detection and response (EDR) capabilities to help CISA provide better security intelligence across Federal civilian agencies.
CDM Program Manager Matt House talked about those priorities on April 2 at the Palo Alto Networks Ignite 2024 conference in Tysons, Va.
The CDM program provides Federal agencies with tools to monitor vulnerabilities and threats in their IT systems in near real-time. The program also provides agencies with a dashboard for tracking IT data, while also feeding agencies into a Federal Dashboard that gives CISA and the Office of Management and Budget (OMB) visibility across agency networks.
Asked about program priorities for the remainder of FY2024 which ends on Sept. 30, House replied that the “two most significant ones for us operationally are to continue to expand what we’re doing, broadly speaking, from an asset management perspective.”
“Our goal is to further the level of operational visibility we have which equals in our minds what CISA and our agency counterparts can see within their enterprise in a near real-time fashion about their inventories and devices on the network, and the attributes of those devices and their significance, be it configuration and settings or vulnerability posture,” he explained.
“Across newer asset classes – and it kind of forecasts to some of what we’re doing here – it goes beyond just your laptops, desktops, servers, workstations … we’re heavily engaged in doing the same for mobile assets,” House said.
The program manager added, “we’re in the early stages of expanding that into cloud assets and … kind of considering how we move that even into Internet of Things and operational technology. So, that’s a big focus for us – expanding asset management operational visibility.”
The other big focus, he said, is making sure that the data gathered by the CDM program’s EDR deployments across agency networks produces optimal intelligence for CISA as it tries to improve security outcomes across all Federal civilian agencies.
House referenced the program’s focus on carrying out EDR requirements laid out in President Biden’s 2021 cybersecurity executive order, and said it’s been a “great story there in terms of the amount of coverage we’ve been able to realize in terms of endpoints protected by EDR agents. That’s step one.”
“Step two is to then put into place the mechanisms for both agencies but also CISA to have visibility into those endpoints through the signaling and data captured by those agents,” he said. Persistent access to that data, he said, “builds upon the EDR deployments to give CISA that access and it’s probably the single most important thing we can do as a program to transform what CISA can and will be doing with agencies to really take to the next level the way that we act as the operational side of the Federal civilian executive branch and transform incident response within CISA.”
“It really is a game changer for us in terms of being able to be a force multiplier across agency organizational boundaries and say, ‘Hey, I see something in Agency X through the EDR mechanism … and it’s probably applicable to these other agencies so go out and look for this one thing we’ve already found over here’ and kind of share information in a very effective manner that leads to tying together a much closer response cycle” to malicious activity and remediation steps, House said.
