It’s never been more important for government agencies to know exactly what’s going on in their networks. With cybersecurity attacks rising in both volume and sophistication, there are more threats to networks than ever before. At the same time, those networks are becoming more complex, with new systems, tools and technologies being added all the time.
Those new additions add more endpoints to the network – meaning more ways for attackers to access the environment. Plus, they make it harder to know where attacks might be occurring because they diminish network visibility. So once a breach occurs, that attack might spread throughout the network – far inside the perimeter – without being detected.
In response to these network security challenges, the Department of Homeland Security created the Continuous Diagnostics and Mitigation, or CDM, program. CDM provides DHS and other federal agencies with the capabilities and tools to identify cyber risks on an ongoing basis, and to detect and respond to threats in near real time.
The CDM Program is organized into four distinct phases designed to address each layer of agency cybersecurity.
Phase 1 asks “What is on the network?” What hardware, software and other tools are part of your agency’s network? Are they configured properly, and do they carry known vulnerabilities?
Phase 2 asks “Who is on the network?” Are your users who they say they are and are they using your systems and controls in a secure manner? Are their access permissions appropriate to their role?
Next, Phase 3 asks “What is happening on the network?” This phase moves beyond managing assets and users to ask how the network responds to events. Are security events being detected, and are your systems and processes responding to them appropriately? Can incidents be contained before they spread throughout your network?
Finally, Phase 4 asks “How is data protected?”
The official rollout of Phases 1, 2 and 3 has already been completed by DHS. Collectively, they focused on the assets and users on the network and on what is happening there.
Phase 4 addresses a different aspect – data. This is arguably the most critical component of CDM because data underlies every function and capability of network protection.
According to DHS, “CDM Phase 4 capabilities support the overall CDM Program goal to identify cybersecurity risks on an ongoing basis, prioritize these risks based upon potential impacts, and enable cybersecurity personnel to mitigate the most significant problems first.”
Phase 4 does that by focusing on data protection – implementing new technologies to monitor and secure your data wherever it lives on the network – as well as encryption and architectural improvements such as network micro-segmentation.
CDM Phase 4 is absolutely necessary for every government agency to address. So how do they do it? How do they secure their data in every format, across every part of their network? We explain in our recent course, Your Steps to Achieve CDM Phase 4. Check it out here.