Looking Ahead – What’s Next for CDM?

The CDM program, established in 2012, aims to enhance the cybersecurity posture of federal agencies by providing them with the necessary tools and capabilities to continuously monitor, identify, and mitigate cyber threats. Yet eleven years later, it has failed to become the intended strategic solution and struggles to maintain pace with ever-evolving cyber threats and the increased variety and volume of IT assets connecting to Federal networks.

When the CDM program was introduced, its core objectives were clear:

• Reduce agencies’ threat surface.
• Improve visibility into federal cybersecurity posture.
• Enhance response capabilities.
• Streamline FISMA reporting.

These goals were designed to address the growing sophistication of cyber threats and the need for proactive measures to safeguard government systems and data. Unfortunately, complicated architectures with off-label deployments, custom integrations slowing innovation, and misaligned incentives between a web of stakeholders means even the basics of comprehensive visibility have not been achieved.

Continued Challenges

Although the CDM program has made significant strides in bolstering federal cybersecurity, it has encountered several challenges along the way.  The explosion of endpoints beyond traditional IT is enlarging the “visibility gaps” and “problems of perspective” experienced by federal agencies. Shadow IT and bottom-up budgets mean IT and security leaders do not manage nor are they even aware of all the vulnerable assets within their environment.  Challenges exist within the IT family as well.  IT operations, cyber operations, and risk management teams all function with disparate opinions about what exactly is being protected and no one perceives the attack surface holistically.

Gaining More Threat Visibility

CDM seeks to leverage federal-wide cyber visibility to enable smarter, more efficient responses.  It collects and aggregates information about hardware, software, and vulnerabilities from federal civilian networks and delivers this information to a single, federal-wide dashboard. This visibility is presented through four layers:

• Layer A holds the tools and sensor (BigFix, Forescout, Tenable, CyberArk).
• Layer B is federated collection and deduplication (Splunk, custom software).
• Layer C is the Agency Dashboard (Elastic, Kabana).
• Layer D is the Federal dashboard (Elastic, Kabana).

Initially adding tools and an entirely new technology stack seemed like the smartest way to solve the visibility challenge and achieve the CDM goals.  But in 2023, solving these issues doesn’t require more tooling, it requires  better coordination. By integrating with the tools agencies already have in place (CDM or not), the Armis Asset Intelligence and Security Platform can provide the Layer B solution for federal agencies.  Armis can also enhance Layer A with network-derived information on previously unseen and unknown assets.  CISA’s Binding Operational Directive (BOD) 23-01 put the responsibility for Layer A collection squarely on the shoulders of individual agencies. The agencies are now responsible for seeing and mitigating all issues with their network assets.  This is an opportunity for agencies to modernize their approach to CDM by:

• Deploying cloud-based solutions for scaling across federated environments.
• Leveraging the solutions they already have in place.
• Consolidating the sensors in Layer A to what is providing value to the organization.
• Overhauling their Layer B solution with a cloud-first model.

The efficacy of a cloud-first model has been proven in the CDM program, and can be used to provide stronger Layer B capabilities to secure security and program success.  Aggregating data across federated environments can be fraught with technical and political challenges.  Cloud solutions help leap over both of these obstacles.

Looking Ahead

In the years to come, the CDM program must continue to evolve to meet the challenges posed by ever-changing cybersecurity threats. Addressing the complexities of IT/OT convergence, enhancing data deduplication, and improving automation will be crucial to maintaining the program’s effectiveness. Furthermore, fostering collaboration among federal agencies and investing in cybersecurity resources will strengthen the overall cybersecurity posture of the government.

Nevertheless, challenges persist, and the program must remain agile and adaptive to tackle emerging threats effectively. With continued dedication and collaboration, the CDM program can continue to be a pillar of cybersecurity defense in the years to come.

To learn more about how Armis can help your agency in accelerating a successful CDM implementation, visit our CDM Resource Page.