Tenable’s Federal Business Development Manager Chris Jensen shares his thoughts on CDM progress, priorities, and challenges.
MeriTalk: How is Tenable revolutionizing cybersecurity to aid the CDM program and Federal agencies?
Chris: We recently introduced a ground-breaking innovation for solving the vulnerability prioritization problem called Predictive Prioritization. Predictive Prioritization leverages a proprietary machine learning algorithm along with threat intelligence to predict the vulnerabilities with the highest likelihood of being exploited in the near future. A Vulnerability Priority Rating (VPR) is automatically displayed which indicates the remediation priority of each flaw. VPR is a dynamic value which changes with the threat landscape.
MeriTalk: From an industry standpoint, how much progress are Federal agencies making with CDM?
Chris: From our perspective as a CDM technology vendor, we are seeing strong progress, especially over the past six to nine months, as the DEFEND task orders have been established and the RFS process has become more mature. DEFEND has gotten all parties more engaged, and has engendered a more open and interactive environment, improving communication between technology vendors, system integrators, government agencies, and the CDM PMO. CDM now has a very strong structural foundation to build on in the years ahead.
MeriTalk: What are the biggest challenges to successful CDM implementation?
Chris: There continue to be multiple challenges, but the biggest is simply the scale of the program. At a high level, the idea of bringing all Federal agencies together and delivering data into a common dashboard is a simple and straightforward idea. But the number of organizations involved, and the multiplicity of technologies and cultural changes required to achieve success, make it an extremely complex ecosystem. Keeping all of the moving parts operating efficiently and effectively is the top program challenge.
MeriTalk: Where would you like to see DHS focus CDM improvement efforts over the next three years?
Chris: We would like to see continued refinement of the AWARE algorithms as the new dashboard is fully implemented and agencies start paying increased attention to their AWARE scores. We hope that program and agency leadership will always be as concerned about the relationship between the scores and network security as they are with the scores themselves. If the system is not measuring the right things, then an improved AWARE score will not mean a more secure environment. Continuing refinement of AWARE to adapt to changing technologies and threats, so that improving scores will always mean improved security, is an essential link in the chain.
MeriTalk: What lesson learned from private sector cybersecurity would you share with DHS to improve CDM?
Chris: First, we need to point out that learning opportunities go both ways. The private sector can learn a lot from CDM as well. That said, the primary lesson DHS can take from the private sector is the importance of flexibility and adaptability in today’s dynamic network environment. The new CDM APL process and CDM SIN, which provide an improved path for integrating new technologies into the program, are evidence that CDM leadership recognizes this need, but the scale of the program and the inherent inflexibility of public sector contracting will continue to pose challenges. Paying attention to the “Dynamic” and “Evolving” parts of the DEFEND acronym will pay dividends for the program going forward.
MeriTalk: What makes Tenable stand out among the other CDM providers?
Chris: We understand the importance of integrating with other technologies, and we have made that a primary focus in product development. We have taken a similar approach on an interpersonal level, working hard to be a strong partner to CDM program leadership, agency customers, and system integrators.
We also take a holistic approach to security. We understand the attack surface is no longer just a desktop or on-premises server. We provide customers with a unified view of their environments so they can more effectively manage, measure, and reduce their cyber risk.
To hear more from Chris Jensen, don’t miss the “Tales from the Frontlines” panel at the inaugural CDM Central: Navigating the Cyber Roadmap conference on October 10.