Tech

NASA: CDM implementation going well

America's space agency started in November 2016 implementing the first phase of the Continuous Diagnostics and Mitigation program designed to give agencies the tools they need to identify, prioritize and tackle cybersecurity risks, a NASA official told FedScoop.

By Samantha Ehlinger

February 1, 2017

(Getty Images)

America’s space agency started implementing in November the first phase of the Continuous Diagnostics and Mitigation program designed to give agencies the tools they need to identify, prioritize and tackle cybersecurity risks, a NASA official told FedScoop.

Not only is that implementation going well so far, NASA’s CDM program executive said, but phase two is, also. The Department of Homeland Security and General Services Administration-led program is finally giving the agency a way to tackle a long-recognized need for better security tools, said Willie Crenshaw, CDM program executive in the IT security division of NASA’s Office of the Chief Information Officer.

“That’s been a long-standing issue in the past, both when I was a contractor to the federal government and now being a federal worker. It was always: we know what’s out there, we know the tools are available, we know the capabilities are available, but the budgets weren’t always there,” Crenshaw said. “And then also, technology changes so quickly, that you buy a tool and then by the time you buy it and implement it, it’s pretty much obsolete.”

But CDM, Crenshaw said, seems to be tackling those problems.

“We get best-of-breed tools, we get top-notch tools, we’ll be able to implement in our environment,” he said. “But not only did they provide us tools, they provided services for us as well as a federal agency to integrate those tools. So they did listen.”

NASA anticipates being done with phase one by the end of fiscal year 2017, Crenshaw said in an interview with FedScoop.

“The first phase of CDM focuses on endpoint integrity: management of hardware and software assets, configuration management, and vulnerability management, which are foundational capabilities to protect systems and data,” according to the DHS CDM webpage.

The biggest hurdle to overcome, according to Crenshaw, was really understanding the scope of the work to be done.

“It’d have been difficult to cover the entire agency if we had not had something driving this, and CDM has been driving us to get these capabilities in place,” he said.

As due to the sheer size of the agency, Crenshaw said the team is going to be finding out some things as it goes through deployment.

One of the first agencies to sign on to implementing the program, NASA assembled its own team to tackle implementation, Crenshaw said. NASA has a standing working group with representation from all across the agency to get a handle on requirements, share information and address any snags during the process with DHS.

“The main thing is we don’t want to break anything,” Crenshaw said.

Another crucial piece to implementation is communicating plans at all levels of the agency — even up to NASA’s administrator, Crenshaw said. But taking the time to communicate with everyone also gives the team an opportunity to educate the end user, Crenshaw said, the main entry point into a network.

“When you educate people as to — here’s what we’re trying to do, here’s what we need to protect, here’s what we’re protecting, you kind of learn a lot more about the organization as a whole because now you know what you’re protecting and know what work everyone is doing,” he said.

One of the big upsides of the project: “I’m learning exactly what each mission does, and how they’re operating, what’s important to them,” he said. “And you can see what your crown jewels are for your agency and for your corporation, and protect that.”

NASA’s implementation is divided into deployment on the corporate side, and then on the mission side. The mission side is more difficult, Crenshaw said, because of its tight schedule for space launches.

“We’re poised here within the next month or two to deploy to our corporate side, and then later on this year we would have all of NASA covered for phase one, task order two,” Crenshaw said. “And that’s pretty much the heavy lift with CDM. But the CDM program is big — it’s going to take a number of years to get it done. So we’ve already started some additional activities on the phase two stuff.”

Overall, Crenshaw said CDM is a “good program” that government needed.

“The tools are working very well together, the Gigamon, as well as the RES and all those tools are working well together to give us what we need,” Crenshaw said. “So we’re just excited about where we’re are, and as we continue to deploy we’ll make sure that we’ll get the data and start feeding it to DHS is the way that the program’s intended to work.”

Crenshaw said he is excited to see the data the tools will bring, and the capabilities that will help NASA respond in a more anticipatory way to threats. As he put it: “Be on the offense instead of always on the defense.”

NASA: CDM implementation going well

More Like This

ICE pursuing privacy approvals related to controversial phone location data

House Modernization panel advances bill to improve CRS’s data access in first-ever markup

How Google Cloud AI and Assured Workloads can enhance public sector security, compliance and service delivery at scale

Top Stories

State Department encouraging workers to use ChatGPT

Federal CIO calls on Congress to fund Technology Modernization Fund

GSA administrator: Generative AI tools will be ‘a giant help’ for government services

Congressional panel outlines five guardrails for AI use in House

With 2023 tax season in the rearview, IRS commissioner eyes expansion of AI capabilities

CMS’s financial office is using LLM pilot to combat loss of institutional knowledge

Top public sector takeaways from Google Cloud Next 2024

Commerce requests information about AI, open data assets, data dissemination

More Scoops

As TSA PreCheck enrollments surge, data shows complaints have followed

CBP leaning into biometrics on controversial app, raising concerns from immigrant rights advocates

FEMA employees brought government devices abroad without authorization, including to China and Iraq, document shows

On some basic metadata practices, US government gets an ‘F,’ per new online tracker

How risky is ChatGPT? Depends which federal agency you ask

Leading AI-focused congressman on legislative prospects for the tech and the risks it presents

The FAA is developing an air traffic tool built for the space age. It may need help

Latest Podcasts

NASA: CDM implementation going well

AI Week 2024 has Come and Gone

Darryl Peek on Elastic’s role in enhancing public sector search and data analytics with AI and Google collaboration

Danny Werfel on How Automation has Enhanced his Agency’s Operations.

Tech

Defense

Cyber

Acquisition