As government cybersecurity practices shifted to adjust to the increase in telework during the COVID-19 pandemic, officials from the Department of Homeland Security (DHS) and the Cybersecurity and Infrastructure Security Agency (CISA) previewed cyber tools offered by the agencies, but reminded Feds that knowing the network architecture is an early and necessary step toward selecting the correct protections.
“The key here is … the ability to manage your risk profile,” DHS CIO Karen Evans said at the August 5 Securing the Telework Workforce event. “You have to really know what is the risk tolerance of what your leadership, what your users, what they need to be able to sustain and then engineer solutions to that.”
Evans and CISA CTO Brian Gattoni discussed the importance of understanding the cyber environment and risk tolerance when applying the Continuous Diagnostics and Mitigation (CDM) program. Speaking as a user of CDM, Evans explained that an agency must understand what it is managing in order to see what can be monitored on a continuous basis from a technical perspective.
Gattoni added that understanding how the risk profile shifts and how employees meet their mission are two considerations when implementing CDM. “Figuring out where that risk combination is for your employees and their mission is an important concept,” he said, “and using CDM tools to help manage the monitoring of data moving across those devices is important.”
To maintain a full view of the environment and inform cyber protocols, Evans said that DHS is looking to take the Security Operations Center (SOC) program and combine it with a fuller view of the network.
“It’s marrying those two together so that you have a network security operations center that can manage to your risk profile, keep the [operations] going for the mission, but then hand off the information so that the analytics can be done about what is actually happening,” Evans said of the initiative.
Other procedures, like the Trusted Internet Connections (TIC) 3.0 guidance, also rely on an explicit view of the network so that officials can select the cybersecurity protocols that best suit the environment, the officials explained. In this way, Gattoni said that the purpose of TIC 3.0 was “to give guidance to enable CIOs to make risk-based decisions as they move across flexible architectures.”