The struggle with simplifying the government’s cybersecurity efforts

When it comes to protecting the federal government from cyberattacks, simplicity is not that simple. That was the underlying message Monday during multiple panels at RSA Public Sector conference in San Francisco, where government cybersecurity experts and the federal contractors that carry out the government’s cybersecurity operations discussed why things are currently complicated and what it will take to make things easier. The government’s ongoing embrace of the cloud is helping move things in the right direction, but because agencies often follow a hybrid cloud model, watching over a government enterprise is still a highly complex task. Kevin Cox, the program manager for the Department of Homeland Security’s Continuous Diagnostics and Monitoring program, said Monday that it’s a challenge to ascertain exactly how each agency has its enterprise configured. “From our perspective, CDM is working with civilian agencies to have a foundation in place to have the proper visibility on […]

The post The struggle with simplifying the government’s cybersecurity efforts appeared first on CyberScoop.

DOD official: Automation can save Pentagon from drowning in data

The Defense Department must do more to take advantage of automation tools to avoid drowning in a sea of network data and risk missing cyber threats, according to a top department official. “Right now, we buy a system for every use case, so we’re probably generating a lot more information than we need to,” Patricia Janssen, director of cybersecurity planning and implementation in the DOD CIO’s office, said Monday at the RSA Public Sector Conference in San Francisco. “How do we bring all that data together to help us manage and identify our vulnerabilities and our weaknesses?” Janssen asked. Automation tools can help DOD cut through the “noise” of unneeded data, she said at a panel discussion of continuous monitoring for cyber threats. The department’s thousands of computer systems make automation imperative to keep those systems patched and identify insider threats, Janssen added. Training staff to carry that out manually simply […]

The post DOD official: Automation can save Pentagon from drowning in data appeared first on CyberScoop.

Sen. Warner wants action on WannaCry patching from DHS, OMB

Democratic Sen. Mark Warner has written to federal officials asking for details about how agencies patched their systems to protect them against the fast-spreading WannaCry ransomware. White House homeland security adviser Thomas Bossert told reporters during the daily briefing Monday that no federal systems had been infected, but Warner noted in his letter that despite a National Institute of Standards and Technology recommendation that security-related software updates “be installed within a defined timeframe (in many cases seven to 30 days for critical patches),” the Government Accountability Office last year found “numerous instances where agencies failed to comply with those deadlines.” Microsoft included a fix for the vulnerability in a regularly scheduled patch in mid-March. Over the weekend, the company took the unprecedented step of releasing a patch for several discontinued but still widely used software products, including Windows XP. In the letter, released Monday afternoon, the Virginia senator asks Homeland Security Secretary John Kelly and Office of […]

The post Sen. Warner wants action on WannaCry patching from DHS, OMB appeared first on CyberScoop.

DHS cyber tool finds huge amount of ‘shadow IT’ in U.S. agencies

New cybersecurity tools being deployed across the U.S. government found huge numbers of uncatalogued and unmanaged computer devices connected to federal networks — a phenomenon known as “shadow IT” — that necessitated urgent modifications to many hundreds of millions of dollars’ worth of contracts. Some departments and agencies had “several hundred percent” more devices on their networks than they expected and the average across government was about 44 percent more, Department of Homeland Security official Kevin Cox said last week at the McAfee Security Through Innovation Summit, hosted by CyberScoop. “There was something of a ‘oh shit’ moment,” said a person familiar with the discovery, made during the recent rollout of phase one of Continuous Diagnostics and Monitoring tools. CDM is a DHS-funded, government-wide acquisition program that buys and installs cybersecurity tools on U.S. departmental and agency networks. The tools found every kind of device imaginable on federal networks, this person said, from […]

The post DHS cyber tool finds huge amount of ‘shadow IT’ in U.S. agencies appeared first on CyberScoop.
