Why Automation Will be Critical to CDM Success

This past May, the departments of Commerce and Homeland Security reported that a shortage of federal cyber security workers continues to pose a daunting challenge that will only get worse. These findings were not surprising as the government as a whole is struggling with workforce and resource issues. But, they do indicate that the government needs to look at new approaches, especially when dealing with such a mission-critical issue as cyber security.

But even though the federal government continues to struggle to find people with needed technical skills, that does not mean agencies get a pass on implementing important cyber security initiatives. Perhaps the most notable cyber security program in place is the Department of Homeland Security’s Continuous Diagnostics and Mitigation Program, better known as CDM.

CDM calls on federal agencies to improve their cyber monitoring through four capabilities:

• Capability 1: What is on the network?
• Capability 2: Who is on the network?
• Capability 3: What is happening on the network?
• Capability 4: How is data protected?

Although most agencies have already progressed through the first two capabilities, as the program’s name suggests, the goal is not to simply monitor networks at one given time. The goal is to know in real-time what is occurring on the network.

And that is where the government’s cyber security workforce comes in. Even if agencies were 100 percent staffed, the tasks laid out in CDM would not be fully achievable. The answer lies in modern cyber security technologies, and that includes solutions that use automation and artificial intelligence to monitor networks, helping to take the human element out of every task. For example, incorporating automation into a CDM deployment can simplify the process of provisioning; provide analytic capabilities to scour logs; initiate updates; or any other task that requires manual intervention.

Benefits of Automation

In the past, federal agencies would have attempted to pursue a continuous monitoring strategy by purchasing disparate products and turning to teams of employees and consultants to conduct the monitoring and reporting. This is clearly not a viable option anymore. By integrating automation into the mix, agencies will benefit from the following:

• Integration with existing security tools and threat intelligence sources
• Faster response times to security events
• A simplified investigation process
• Minimization of the damage from attacks
• Reduction in time spent reacting to false positives
• Reduction of manual processes
• Integration with IT operations tools
• Cost savings

The CDM program holds a lot of promise for federal agencies. It has forced a number of federal agencies to invest in cyber security and to truly think about the state of their network. As agencies look to continue forward with CDM and other cyber security measures, they must realize that human reinforcements are not coming. Instead, they must look to advances in technology that can make the job of the cyber workforce that is in place much more efficient. Automation is the capability needed to ensure this happens.

If you found this information useful, you may also enjoy:

• US-CERT: Continuous Diagnostics and Mitigation Program