Federal agencies that have been deploying tools and other systems to better understand the network assets they have are now in a position to more quickly identify and patch flaws, a Department of Homeland Security (DHS) official said on June 21.
The deployment of the Phase one tools of the Continuous Diagnostics and Mitigation (CDM) program, combined with new dashboards that make sense of the data being collected, is letting agencies know what’s on their networks and run reports immediately to check if patches are in place to address vulnerabilities, Kevin Cox, the program manager for CDM at DHS, said at a conference hosted by MeriTalk and the information security firm Tenable.
Before the initial CDM tools were deployed, some agencies may have had some capabilities to understand if they had vulnerabilities in their networks and then report manually to the DHS cyber security watch center, called the NCCIC, Cox said.
“And the NCCIC, which manages incident reporting and response for the federal government, had to rely on that manual reporting from the agencies,” Cox said. “Now with us deploying the Phase one tools out there, giving them a sense of what’s on the network, we now are able to get near-real time data.”
Cox said that agency dashboards are being deployed now and the DHS federal dashboard will begin operating in July. The dashboards take results from the CDM sensors to produce customized reports that include alerts to critical risks.
When the WannaCry ransomware virus began attacking computer networks around the world in May, federal agencies with the CDM tools “were able to quickly run a report across their environment, both with the tools and in a couple cases where we had the agency dashboard in place, run a report from those different places and see instantaneously whether they were patched for that particular patch addressing the vulnerabilities associated with it,” Cox said. “So that’s a good example of the value of the CDM program in terms of understanding what’s happening in … the agency environments.”
The federal dashboard will enable DHS to receive a “summary feed from the agency dashboards and we can run a report across the federal government to see how the agencies’ security posture looks,” he said.
Currently, agencies are buying and deploying tools for the first two phases of CDM. The first phase lets network administrators know what’s on their networks, and the second phase who is on their systems. The third phase of the program will provide tools and sensors to understand what’s happening on the network, including tying incidents to systems and devices, and the final phase is in planning now and will consist of data protection.
Cox said the biggest hurdles to deploying the cyber security tools within federal civilian agencies have been cultural rather than technological. DHS has had to get “buy-in” across some organizations given the disparate politics and different mission areas, he said.
There have also been challenges at the federal level around compliance as reporting begins to increasingly shift from manual to automated, he said.
Having greater awareness of the systems on their networks is also creating operational efficiencies in addition to greater security, Cox said.
“For the first time, many of these agencies finally have near-real time visibility in terms of the assets in their organization, the assets connected to the network,” he said, allowing employees and contractor personnel to be reassigned due to efficiencies, and to better understand what is happening on the networks.