CDM Vital to Data Optimization at DOE, DOJ

As the Department of Education (DOE) implements President Joe Biden’s major student loan forgiveness effort, malicious cyber actors bombard DOE’s website with cyberattacks to disrupt the debt relief program.

Continuous Diagnostics and Mitigation, a cybersecurity program run by the Cybersecurity and Infrastructure Security Agency (CISA), is playing a key role in helping DOE protect its networks from cyber adversaries. CDM helps federal agencies track all users and assets on their networks and issue scans and patches more quickly. Steven Hernandez, CISO at DOE, said M23-01 is also crucial to providing an extra level of security for mobile devices.

“I think we will see a lot of work in the areas of mobile devices government wide,” Hernandez said.  “They haven’t always been treated like other CDM-monitored devices like desktops and laptops but under 2301 they are.”

Hernandez is prioritizing vulnerability scanning, software inventory and a zero trust adaptor going into 2023, especially as DOE ramps up its Bring-Your-Own-Device (BYOD) program.

“One of the more challenging spaces will be how are we going to do this with BYOD because if device information is part of the equation for trust we’re probably going to be asking more information from our BYOD users than we have in the past,” Hernandez added during FCW’s CDM Summit.

Kevin Cox, Deputy CIO at the Justice Department (DOJ), said CDM helps DOJ better understand its network surface and cybersecurity vulnerabilities.

“It’s just not reducing the agency’s threat surface but identifying the full attack surface that could be seen by an adversary and working to make sure those threats are minimized as much as possible,” Cox said.

DOJ’s CDM dashboard also helps the agency manage its data more effectively. When DOJ deployed CDM tools, they provided greater data visibility on the network and generated valuable data insights.

“We worked closely internally, worked closely with CDM program and others in terms of taking a look at what different agencies were doing and learning what they had success with and then incorporating it into our program,” Cox said.

DOJ uses the NIST Continuous Asset Evaluation, Situational Awareness and Risk Scoring (CAESARS) framework alongside its CDM dashboard, allowing DOJ to measure security down to each endpoint. DOJ also takes notes from industry best practices around continuous network monitoring.

“I think that was key for us, just being open to learning from others and sharing what we were doing and then continuous improvement to mature out and get better visibility today than we had yesterday,” Cox said.

Upcoming IT modernization plans for DOE include a data lake fabric and Big Data tooling, for which CDM will be an enabler.

“Over the next few years, we’re going to be optimizing how we look at data and CDM data is going to be a huge part of that equation because it’s so rich and so available already,” Hernandez said. “We use dashboard-as-a-service from CISA and it’s amazing, it takes so much of the operational headache out the equation and we have a data flow that goes there and in a perfect world that dashboard is being fed from the data lake fabric and not a silo.”