Congressman Ratcliffe Rattles CDM’s Cage in Hearing on the Hill
House Cybersecurity and Infrastructure Protection Subcommittee chairman Rep. John Ratcliffe, R-Texas, put the Continuous Diagnostics and Mitigation (CDM) program under the microscope in a hearing with industry experts last week. The somewhat unconventional hearing–which featured only industry witnesses and none from government–underscored CDM’s primacy, but pushed the program to get a move on. The roster of industry witnesses included representatives from Splunk, RSA Archer, CGI Federal, and the Information Technology Alliance for Public Sector.
Pedal to the Metal Please:
“The maturity of the Continuing Diagnostics and Mitigation Program has to move at the pace of new technologies and innovations, not at the pace of bureaucracy,” said Rep. John Ratcliffe, R-Texas, subcommittee chairman, during the hearing.
As with most large government programs, the CDM program has struggled with navigating government bureaucracy and uncertain budget cycles. Ratcliffe and the witnesses acknowledged CDM as the government’s best shot at securing its most important networks, but emphasized that slow deployment means cyber criminals are getting the jump on government agencies.
CDM launched the first of its four phases in 2012; that phase focused on helping agencies and departments understand what is on their networks. However, Phase 3, which helps agencies and departments understand what is happening on the networks, didn’t launch until last year.
“While I understand that setting up new government programs, buying new and advanced technologies, and deploying those technologies across a massive Federal environment is not easy, the threats to Federal agencies continue to grow every minute,” Ratcliffe said.
Hurry Up, But Don’t Screw Up:
Everybody urged acceleration, but witnesses also urged caution–and emphasized the need for the government to move at prudent speed.
“While everyone feels the urgency brought on by continuous cyberattacks, it is important to not lose sight of the fact that providing security to networks as large and complex as those of the U.S. government is an enormous undertaking,” said Gregg Mossburg, senior vice president for strategic operations, CGI Federal. “This is one of the first efforts of its type; therefore, it is critical to lay a solid foundation on these programs before building more advanced capabilities.”
During the hearing, industry experts shared their thoughts on how the government can help CDM succeed in the future.
“Promoting CDM’s continued success over the next several years will require continued funding through appropriations, robust oversight by Congress, and sustained leadership from DHS,” said Frank Dimina, area vice president, Federal, Splunk. “I will reiterate that the CDM program has made important strides. Now is the time to look at modernizing the approach and enhancing the capabilities of this program.”
CDM and the Bigger Picture:
Despite Ratcliffe’s drive for acceleration, his spokesperson stressed that the congressman remains committed to CDM. Ratcliffe is currently working on a bill to speed up CDM deployment.
Ratcliffe recognizes that CDM is huge, but that it fits into a bigger-picture plan to improve the efficiency and security of Federal IT. The CDM Dashboard promises to provide a critical operational measure to support the Cyber Executive Order and FITARA. Ratcliffe is collaborating with Rep. Will Hurd, R-Texas, who heads the House Oversight IT subcommittee. There’s clearly a strong mapping into the new MGT Act. Net takeaway, it’s CDM PDQ–with a strong mapping to MGT.