GCN : January 2015
[Briefing]

For more than a decade, the federal government has been moving from a periodic, compliance-based approach to IT security to real-time awareness based on the continuous monitoring of IT systems and networks.

While progress has been spotty so far, some security watchers say Phase 2 of the Homeland Security Department’s Continuous Diagnostics and Mitigation program, expected to be implemented in 2015, could be a major step forward.

Jeff Wagner, director of security operations for the Office of Personnel Management, said Phase 2 could be “the realization of IT security.”

“I’m happy with the CDM program,” Wagner said. “It’s moving us away from the old generation of defense in depth to a new generation of seeing attacks as they occur.”

The next phase of CDM, called Least Privilege and Infrastructure Integrity, focuses on managing identity and access to resources and puts a premium on being able to see and control what is going on in a system. This can enable effective real-time response.

“This phase could be transformative, rather than evolutionary,” said Ken Ammon, chief strategy officer of Xceedium, which provides access control technology.

Phase 1 of the CDM program, which focused on endpoint security, went into effect in 2013. The next phase reflects the new reality of IT security in which perimeter defenses have been recognized as inadequate and breaches as inevitable. This puts a premium on monitoring and controlling behavior inside systems and networks.

Phase 2 of CDM will require a standardized approach that will enable automated functions and improve communication among siloed systems.

The CDM program is a part of the implementation of the Federal Information Security Management Act, which has for years been mired in regulatory compliance. CDM is enabling the government’s orderly but critical move to continuous monitoring and better real-time visibility.

The program specifies 15 monitoring capabilities, which can be performed by agency sensors or provided as a service. Sensors will feed data into local agency dashboards, allowing managers to prioritize risks based on standardized and weighted scores and to document and track actions. Summary information is fed into enterprise-level dashboards and eventually to a DHS dashboard.

A blanket purchase agreement was awarded in August 2013 to 17 companies, each with multiple partners, to cover endpoint management in the first phase of CDM.

A request for information was sent in April to CDM suppliers to identify products for Phase 2, and products now are being evaluated for inclusion in the BPA, which is expected to be updated this year to make approved products and services available.

Because products in the CDM program are off-the-shelf, Phase 2 will not involve any radical new capabilities. It is intended to deliver a standard set of tools and services to provide better understanding and control of who is accessing resources and what they are doing.

Although perimeter defenses are not being abandoned, years of successful breaches have made it clear that they are not adequate defenses. The new reality in IT security is that breaches are inevitable, and the ability to monitor and control behavior through improved identity management and access control will allow intrusions to be more quickly identified and more effectively addressed.

OPM’s Wagner calls CDM Phase 2 “a sign that the federal government finally is taking FISMA seriously.”

Attaining better security is not about developing new technology, he said. “The PIV card is a perfect example.” It has been around for 10 years to provide interoperable, strong multi-factor authentication, but is not being widely used.

Requiring the use of a suite of proven, off-the-shelf tools available at affordable prices will ensure that the technology is put to use, not on a shelf.

Will CDM be ‘the realization of IT security’?

By William Jackson

“The CDM program is moving us away from the old generation of defense in depth to a new generation of seeing attacks as they occur.” – Jeff Wagner, OPM