85 Percent Say CDM Improves Fed Security – But Agencies Wonder How To Pay For It
It’s an interesting time to take stock of DHS CISA’s Continuous Diagnostics and Mitigation (CDM) program. The big question, seven years in: is CDM improving Federal cybersecurity? That’s what Hill leaders want to know – and that’s why MeriTalk surveyed 160 Federal government and industry CDM stakeholders to grade the program’s effectiveness.
There’s not much that Rs and Ds agree on today. But both Congressman Gerry Connolly, D-Va., and Congressman John Ratcliffe, R-Texas, are CDM boosters – and they want more and better for Federal cyber security.
The Good News
CDM is moving the needle on securing Uncle Sam. Eighty-five percent of study respondents say CDM has improved Federal cybersecurity; and 64 percent of Federal officials give DHS an “A” or “B” grade for its management of the CDM program.
Drilling down on the study findings, more than three quarters of respondents say CDM has:
- Increased visibility into the Federal cybersecurity posture (80 percent);
- Improved cybersecurity response capabilities (79 percent);
- Spurred progress in reducing network threat surfaces (78 percent); and
- Streamlined FISMA reporting (75 percent).
Hill Leaders Want More
Key tech leaders in Congress pored over the CDM Referendum study and hailed DHS CISA’s progress, but said the government needs to press for more action on security challenges.
“While this study demonstrates we have made important progress in improving Federal cybersecurity, cultural and training challenges remain obstacles to full CDM adoption and integration,” said Rep. Connolly, chairman of the House Government Operations Subcommittee. “As cyber attackers continue to target the Federal government, CDM is a critical tool in protecting our IT systems. It must become a priority for senior IT leadership.”
Rep. Ratcliffe, sponsor of major CDM legislation in the House, commented, “The data revealed in this study reaffirms the need to support CDM’s sustained success, so our nation’s cybersecurity posture can continue reaping the benefits it’s provided to our Federal networks over the past seven years.” He continued, “This is why I’ve teamed up with my colleagues on both sides of the aisle to advance legislation that will make CDM permanent and expand its reach, as we continue using it as a critical tool to combat growing cyber threats in the years to come.”
Room To Do Better
But there’s certainly room to go from good to great. Feds flagged ongoing CDM challenges, including: culture (59 percent), training and IT security staff (54 percent), and difficulty integrating legacy systems (48 percent). And, as ever, budget is a concern – only 27 percent say that their agency can maintain current CDM progress with current budget allocations.
“We are aware of the survey results and appreciate all efforts to encourage the use of the Continuous Diagnostics and Mitigation program, which is a key component of our efforts to secure and defend the Federal Government’s information technology against advanced cyber threats,” a CISA official said.
Where To Now?
About half of respondents agreed DHS should focus for the next three years on helping agencies address gaps in early-stage program adoption, and expanding CDM applications in cloud environments.
“How do you spell Federal Cybersecurity? It’s CDM,” said Steve O’Keeffe, founder, MeriTalk. “Federal agencies and industry say the program’s making great strides – but also provide critical feedback to CISA at DHS as well as appropriators and legislators on the Hill. Listening to the community makes CDM stronger – which improves Uncle Sam’s cybersecurity.”