MeriTalk’s CDM Central Cyber Defenders conference kicked off Dec. 3 with a conversation between VMware’s Garrett Lee and Steven Hernandez, Chief Information Security Officer at the Department of Education (DoEd).
Hernandez said the Continuous Diagnostics and Mitigation (CDM) program is about much more than checking a box for cybersecurity; it can also be used as a valuable tool to collect information and derive insights into how the government can improve security infrastructure and operations.
“We see CDM as a strategic driver in our organization and a go-to source for information about near real-time technical risk in our networks, in our systems, and in our end points,” he said.
Hernandez said the government is currently transitioning CDM from an individual-like model into an integrated data link program, which collects all of the data feeds from CDM deployments with the ultimate vision of deploying a zero trust architecture – a security model that requires all users to be authenticated and authorized before being granted access to networks.
Lee, who is manager of Federal Systems Integrator Accounts and Strategic Federal Programs at VMware, said the good news is agency network security systems already have most of the pieces to adapt to a zero trust model.
“You’ve got a lot of the key ingredients already. It doesn’t always have to be a clean sheet design,” he said.
While both agreed the coronavirus pandemic has been a tremendous wake-up call for the current state of cybersecurity, Hernandez said he thinks civilian government agencies were well-prepared, having spent years writing continuity of operations plans and business impact assessments in the case of a pandemic. Some agencies, he said, also benefited from having recently undertaken IT modernization steps.
“For us, the initial shift wasn’t hard but it was the little things that got us, like coming up with an onboarding process that didn’t involve a badging office,” he said.
As far as challenges within DoEd, Hernandez said deploying CDM in cloud environments separate from government-controlled servers and networks, and making sure there is risk visibility parity in those environments, is something that remains a priority. He said the continuous threat of ransomware is hitting the education sector hard, but he’s hopeful CDM technology will pick up on suspicious network behaviors and eradicate threats.
He said the government is considering two CDM steps to strengthen security in civilian agencies – deploying sensors to department offices and then sending the data back to the Feds, and teaching department staffers how to collect data in the right frequency and right format so they can use their own sensors.
“I think we’re going to see tighter integration and more advanced integration as we look at programs and consider what it means to be a cloud provider in the federal space,” said Hernandez. “Going from quarterly or monthly continuous monitoring updates to actual CDM data feeds – that’s really exciting to think about.”
Regarding the need to maintain a remote workforce, Hernandez said one of the first things Federal cybersecurity officials had to do was re-architect the entire patching fabric to make sure that all devices were getting checked and, on that same note, reinforce how important the end user is.
“If the end user doesn’t turn on the device, doesn’t connect it back to us, programs like CDM can’t get to them,” he said. “There’s been a culture push in making sure folks understand they’re a critical part of this line of defense.”
When asked about successes this year in the DoEd security area, Hernandez said he’s proud of his team’s resilience and adaptability. “Some of my team members have tremendously challenging [work from home] situations and watching them figure out ways to make sure the mission is still being completed at work while the mission is still being taken care of at home – that was incredible.”
And for a look at how the CDM’s secret sauce is prepared, please enjoy the accompanying CDM Central video.