Kevin Cox, Continuous Diagnostics and Mitigation (CDM) program manager, said today that he could not directly address the Russian government hack of thousands of government and private sector networks that came to light in December, but emphasized the importance of network resilience to quickly recover from intrusions and breaches.
“I won’t dive directly into the details of some of the latest incidents,” Cox said at a virtual event organized by ATARC. But he said that at the Cybersecurity and Infrastructure Security Agency (CISA) – of which the CDM program is a part – “we want to continue building resilience into Federal networks” with a primary focus on protection of data.
Tom Suder, ATARC’s founder, said at today’s event that none of the government presenters would talk about the hack. “The Federal government is really working on this issue,” he said, adding, “it’s like talking about a crime scene while [the crime] is still happening.”
“We have found that efforts we have underway are important to continue to build out the resilience in the agency networks, and to be able to understand what is in their networks,” Cox said.
“But over time, we are looking at the right tools and technologies to better protect their networks,” Cox said, and “identify anomalous behavior … any activity on the network that does not align with normal use of the network, in order to identify incidents and get in front of them.” While the goal always remains to prevent attacks, “we also have to be ready to work as soon as possible” to remediate the impact of intrusions, Cox said.
Speaking more generally about the aims of CISA and its Cybersecurity Division, Cox said the organization is focused on improving network defense both within the government and “outside the Federal space,” including state and tribal governments, along with owners of critical infrastructure.
Within the Federal government, “we are looking to build capacity across Federal civilian networks … and make sure they have the right solutions in place, and the right intelligence informing them of threats,” he said. Part of capacity building for Federal agencies, Cox said, is to “have tools and processes to keep up with adversaries,” provide assistance around governance and training, and make sure that solution sets can be delivered and maintained.
CDM Program Outlook
With the CDM program in particular, Cox said he continues to be focused on helping agencies identify and fill gaps in understanding and monitoring network assets and users “so they can better protect their networks” and “really build resilience in their networks.”
For Fiscal Year 2021, which runs through September, Cox said a major program goal is to continue to build out the latest version of dashboard technology that will help individual agencies and Federal leadership get a better view of security. One of the fruits of that goal, he said, is “to be able to target and fix the worst problems first.”
On the dashboard front, Cox said today four Federal agencies have the new dashboard technology in place with more on the way, and that the Federal-level dashboard is set to come on line in the current quarter. “That really changes the equation for us … that gives us much more visibility,” he said.
The CDM program office will also continue working through the year on pilots with agencies focused on protecting high-value assets, helping agencies better understand security of systems they run in the cloud, and security of data from mobile sources.
Cox also indicated the CDM program remains available going forward to help agencies quickly deal with security problems, as it did when agencies moved to a telework footing in 2020 amid ramp-ups in malicious network activity.
“We will continue to have those flexibilities available” to agencies, Cox said. “We want to continue to be available to help the agencies as much as we can in times of need to protect their networks and their data.”