CISA says evolving CDM transforms federal cybersecurity response, enables interactive cyber defense

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced that it recently deployed its Continuous Diagnostics and Mitigation (CDM) Federal Dashboard when a federal agency identified an active exploit targeting its network. The move enabled CISA to detect several other vulnerable systems in the federal government related to this exploit.

“Within minutes, we leveraged this host-level visibility into federal agency infrastructure to confirm potential risks, alert affected agencies, and actively track mitigation – preventing an active exploit from causing widespread harm across agency systems and impacting essential services upon which Americans depend,” Michael Duffy, associate director for capacity building at CISA, wrote in a Friday blog post. “The capabilities of CDM today are in stark contrast to those of just a few years ago.” 

This month, Duffy revealed that CISA leveraged the CDM capabilities as part of a broader response to two concerning cyber events. “CISA operators analyzed near real-time agency dashboard reports to coordinate targeted notifications for the MOVEit Transfer vulnerability and understand prevalence within minutes, again a significant improvement from pre-Dashboard days,” he added. 

Additionally, in response to the recent widespread email security gateway exploit, CISA threat hunters utilized the CDM Endpoint Detection and Response (EDR) platform in collaboration with the impacted agency to directly access the agency’s environment and search for instances of threat activity, working shoulder-to-shoulder with agency staff. The move demonstrates what the government gains by evolving its collective, interactive cyber defense posture.

Previously, Federal Civilian Executive Branch (FCEB) operators and CISA counterparts lacked sufficient operational visibility – insight into what devices, software, and users were operating within the environment – to mitigate risks before a breach, Duffy said. “Operators had no automated way to share valuable intelligence with other federal agencies; it was all manual data calls. Now, because of the CDM program, agencies and CISA can respond to cyber threats in a coordinated and expedited fashion by sharing data between dedicated CDM Agency Dashboards and CISA’s CDM Federal Dashboard,” he added. 

Duffy also highlighted that the CDM Agency Dashboards visualize cyber risk information collected from sensors and tools deployed within agencies’ environments. “Each Agency Dashboard shares data with our Federal Dashboard, giving CISA an integrated view of the dynamic state of the federal enterprise’s unclassified domain, positioning cyber operators across the federal government to more effectively collaborate when responding to a cyber threat.”

Over the last three years, the scope, scale, and impact of CDM on federal cybersecurity have grown significantly. The CDM Dashboards are not just a tool for measuring progress or visualizing risk – CISA’s cyber defense operators are increasingly turning to the Federal Dashboard to aid in incident response, while agency cyber leaders and practitioners alike are beginning to shape operational and strategic activities based on the evolving ‘current state’ data provided by CDM.

Earlier this spring, Duffy revealed that all 23 Chief Financial Officer (CFO) Act agencies are now sharing cyber risk information with CISA continuously through their CDM Agency Dashboards. “The frequency, precision, and level of detail of this information sharing has been a key enabler of CISA’s operational visibility throughout the FCEB. And this is only the start,” he added. 

Duffy pointed out that CDM is no longer a static effort to standardize agency capabilities and collect cybersecurity information but rather the U.S. government’s cornerstone for the proactive, coordinated, and agile cyber defense of the federal enterprise. 

The recent evolution of CDM was shaped by several major cyber events over the years that led to new and expansive authorities, increased demand for centralized services, and a resounding call to strengthen government data protection on behalf of the American people. 

The Biden-Harris Administration’s Cybersecurity Executive Order drove substantial changes to increase CISA’s operational visibility of granular data to the CDM Dashboards and advanced CISA’s relationship with agencies. “Our relationships have progressed to much more effective, valued, and collaborative partnerships that promote identifying, understanding, and reducing risks across the federal enterprise.”

Looking ahead, Duffy outlined that the agency is “proud of the progress we’ve made over the last decade and how CDM is helping to strengthen the federal government’s information infrastructure. We’re even more excited with where CDM will go in the next decade, and how we will advance cyber defenses to ensure our nation’s resilience to cyber threats.”
