The Trump administration’s twin priorities for federal information technology – improved cybersecurity and modernized federal systems – impose a natural tension: How to protect a federal architecture that is rapidly changing as agencies push more and more systems into the cloud.
The Department of Homeland Security’s (DHS) Continuous Diagnostics and Mitigation (CDM) program’s early phases focus on understanding what systems are connected to federal networks and who has access to those systems. The next phases – understanding network activity and protecting federal data itself – will pose stiffer challenges for program managers, chief information security officers and systems integrators developing CDM solutions.
Figuring out how to monitor systems in the cloud – and how to examine and protect data there – is a major challenge that is still being worked out, even as more and more federal systems head that way.
“Getting that visibility into the cloud is critical,” says DHS’s CDM Program Manager Kevin Cox. Establishing a Master Device Record, which recognizes all network systems, and establishing a Master User Record, which identifies all network users, were essentially first steps, he told a gathering of government security experts at the ATARC Chief Information Security Officer Summit Jan. 25. “Where we're headed is to expand out of the on-premise network and go out to the boundary.”
As federal systems move into the cloud, DHS wants CDM to follow – and to have just as much visibility and understanding of that part of the federal Information technology ecosystem as it has for systems in government data centers. “We need to make sure we know where that data is, and understand how it is protected,” Cox says.
Eric White, cybersecurity program director at General Dynamics Information Technology (GDIT) Health and Civilian Solutions Division, has been involved with CDM almost from its inception. “As agencies move their data and infrastructures from on premise into these virtualized cloud environments, frequently what we see is the complexity of managing IT services and capabilities increasing between on-premise legacy systems and the new cloud solutions. It creates additional challenges for cybersecurity writ large, but also specifically, CDM.”
Combining virtualized and conventional legacy systems is an integration challenge, “not just to get the two to interact effectively, but also to achieve the situational awareness you want in both environments,” White says. “That complexity is something that can impact an organization.”