Jun
24

DHS to award continuous monitoring task orders

From: Federal Times

As director of the Federal Network Resilience Division at the Department of Homeland Security, John Streufert oversees a $6 billion effort to secure public-sector networks against cyber threats. That effort, called the Continuous Diagnostics and Mitigation (CDM) program, aims to apply a strategic sourcing acquisition strategy toward the purchase of network sensors, dashboards, expertise and a variety of services to identify and fix the worst vulnerabilities threatening the dot-gov enterprise. Streufert provided an update on that program as the keynote speaker at a June 11 event hosted by Federal Times and its sister publication C4ISR & Networks. Following are edited excerpts of his address and an interview with Federal Times Editor Steve Watkins:

We’re about to harvest the work of the past two years and begin actually implementing the first increment or phase of diagnostics and mitigation in dot-gov. But to set the context of what the [Continuous Diagnostics and Monitoring] CDM Program is and why it matters at a 30,000-foot level, I’d like to take you up to satellite height for a minute and set the context of why this iteration, this investment that the Congress has made and the executive branch has formulated a program on is so important.

Frank Reader, leading a study group on behalf of Jim Lewis at the Center for Strategic and International Studies, said in a report about a year ago, “Our adversaries are well equipped and agile. Our defenses must be equal to the threat — this is now focusing on government systems in networks — and they are not.” It goes on to say that changing FISMA [Federal Information Security Management Act] requirements from a process and compliance approach that focuses on process rather than outcomes to one of continuous monitoring is the single most important action that OMB can take for cybersecurity. We recommend that the Office of Management and Budget use authority provided in existing statute — that would be the Federal Information Security Management Act, and other authorities available to the Executive Branch — to effect this important reform. That was exactly the spirit under which the continuous diagnostics and mitigation program was launched.

The urgent need for continuous monitoring
