With Federal agencies needing to move the bulk of their workforce to remote or hybrid environments since the start of the COVID-19 pandemic, the Cybersecurity and Infrastructure Security Agency’s (CISA) Continuous Diagnostics and Mitigation (CDM) program has worked with agencies to account for the increase in attack vectors and take a more proactive risk management stance, CDM Program Lead Richard Grabowski said.
Grabowski provided an update on the program and emphasized the importance of sharing actionable security data in remarks on October 7 at the Billington Cybersecurity Summit.
“There has been a significant change for the program for the last, I would say 18 months, not the least of which is the [Biden administration’s cyber] EO (executive order),” Grabowski said. “So, there is a significant increase for us at least on mission scope … detection [and] response in addition to proactive risk management. One of the mantras of the program since day one has always been to fix the worst problems first.”
“You could run into any network today” with vulnerability scanning “and find something,” Grabowski added. “It’s about how do we make that actionable. So, from my perspective, the conversation is very relevant because we have to figure out a way to almost direct our stakeholders on what they need to do as opposed to letting them try to drown in the data because there’s just too much out there.”
On ensuring the program helps build a cyber environment conducive to information and data sharing, Grabowski said a key is making sure the government and stakeholders are sharing actionable data with each other.
“We really have to make sure that that information is actionable because we are dealing with chronic staffing shortage,” Grabowski said. “One of the key capabilities that we employ is vulnerability hygiene, vulnerability management. … We’ve been able to correlate some of that information with threat reports that says these vulnerabilities are actually being exploited. So you just don’t have to look at a [report] … then triage it based upon real-world factors.”
Grabowski said that by prioritizing actionable data sharing, the CDM program is able to direct agencies to what needs to be done, rather than inundating them with information and requiring them to parse through it for themselves.
“I don’t think that the agency should be left alone to try to figure out what threat and vulnerability are in that equation,” Grabowski said. “I think if we can share that responsibility, they can go figure out the consequences. We give them the actual information in that formula.”
“I think it makes the information a lot more useful, and people then will have a kind of compounding effect,” he said. “They will do it more often and they will actually use it [and] they will pay attention. Giving them a little bit more context is key.”