DHS plans next steps for continuous monitoring program
The Department of Homeland Security this week plans to launch an online training portal for state and local governments interested in leveraging best practices from its continuous diagnostics and mitigation (CDM) program. The training program, expected to be online as early as this Friday, is part of a larger DHS strategy to create a specialized cadre of cybersecurity professionals nationwide who are capable of monitoring and protecting a new, emerging architecture known as “critical application resilience.”
The initial training information will be posted on a special Web page hosted by the U.S. Computer Emergency Readiness Team, said John Streufert, director of federal network resilience at DHS. The training will cover the first phase of DHS’ CDM program, including hardware and software asset management, configuration management and vulnerability management.
But Streufert, speaking at the 2014 Cybersecurity Innovation Forum, sponsored by DHS and the National Institute of Standards and Technology, said the department will also be producing 20-minute training videos covering a wide variety of topics and best practices related to CDM for posting on either a government website or YouTube. George Moore, the technical director for DHS’ National Cyber Security Division, will produce the training.
“The basic theory is that we are going to portions of the 50 state governments that do not have robust security programs,” Streufert said. “We’re going to begin to provide them self-help mechanisms so they can begin to work on it themselves.”
The training, however, is only one part of a much larger strategy for the CDM program. According to Streufert, DHS is collecting lessons learned and best practices from the first phase of the CDM contract and assembling “toolkits” that can be used nationwide by state, local, tribal and territorial government agencies. The ultimate goal, he said, is to create a network security architecture that makes the best use of the small number of cybersecurity professionals across federal and state governments, and to facilitate better protection of critical applications, which account for as much as $47 billion of the government’s total IT budget.
Streufert displayed a critical application resilience architecture diagram of dedicated clouds connected by ingress and egress nodes containing diagnostics and mitigation, incident reporting, intrusion detection, and risk scoring. He referred to the potential model for the expansion of CDM as a “bottle cap” vision, in which the bottles represent dedicated agency clouds and the bottle caps represent information-sharing nodes staffed by security experts with advanced CDM capabilities.
“The theory is in the state governments, where one state has 32,000 government employees and only three of their units are well-protected, they would organize in dedicated clouds and put their most capable security professionals watching the ingress and egress points,” Streufert said. “It makes more sense to get the economy of leveraging the most skilled security professionals across the larger base.”
DHS is creating a subunit of the CDM program that will focus on critical application resilience. So far, the department has signed memorandums of agreement with almost all the 124 largest civilian federal organizations, and is now working on establishing security services for those applications.
Other plans currently underway include automating the software patching process across a wider range of civilian agencies, and preparing for a cloud security model where most critical applications are hosted in dedicated clouds.