Proceedings Of The Marine

WIN 2015

Proceedings magazine is a communication tool for the Coast Guard's Marine Safety & Security Council. Each quarterly magazine focuses on a specific theme of interest to the marine industry.

Issue link: https://uscgproceedings.epubxp.com/i/436751


23 Winter 2014 – 2015 Proceedings www.uscg.mil/proceedings

Addressing a National Concern

Continuous diagnostics and mitigation is a strategic response to a national concern — the increasing vulnerability of sensitive information and essential services to motivated and highly competent adversaries. Ad hoc approaches

remains, however, whether such investment and executive focus has resulted in measurably improved security for sensitive government data and essential services.

For example, the 2002 Federal Information Security Management Act (FISMA) facilitated National Institute of Standards and Technology standards and guidance that provide a basis for common cybersecurity risk management practices. However, many aspects of FISMA compliance and implementation were traditionally administered via manual security control testing. Given the agility of cybersecurity threats, manual control testing is often inadequate to protect government systems or provide a valid understanding of cybersecurity posture.

Further, under the current FISMA approach, federal agencies conduct thousands of assessments and write and issue reports. Sadly, this information is out of date the moment it is printed, as it provides only a snapshot versus real-time, dynamic problem identification. In large civilian agencies, this paperwork can account for as much as 65 percent of the overall IT security effort.

In this paradigm, attackers consistently outpace these moribund protection efforts. Therefore, the Office of Management and Budget codified the Continuous Diagnostics and Mitigation Program, requiring federal agencies to adopt an information security continuous monitoring program.

CDM Concepts and Principles

In brief, continuous diagnostics and mitigation provides federal civilian agencies with sensors to detect cybersecurity issues on an ongoing basis and services to ensure that these sensors are effectively installed, integrated, and operated. Specific cybersecurity issues are displayed on agency dashboards for corrective action, and a federal dashboard will provide summary information on each civilian agency, allowing comparisons of cybersecurity posture across the executive branch.

CDM begins when an organization installs continuous diagnostics sensors on its networks that scan for cybersecurity weaknesses, such as unauthorized hardware, unpatched vulnerabilities, or insecure configuration settings. Detailed results of these ongoing scans are sent to a dashboard that the responsible department or agency maintains, and summary results are sent to the DHS federal dashboard.

At the department/agency level, personnel prioritize specific cybersecurity weaknesses based upon impact and threat, and rank them for resolution. At the federal level, staff aggregate summary results to provide a single grade reflecting the overall cybersecurity posture.

Departments and agencies are responsible to mitigate cybersecurity weaknesses, based upon the prioritized list on the local dashboard. The prioritized weaknesses list is then updated on the local dashboard based upon mitigations and upon ongoing scanning. Department/agency grades will change, as the scored summary weaknesses decrease. Finally, CDM sensors are updated, as required.

The CDM Process or "How CDM Works"

The CDM Program enables government entities to expand their continuous diagnostic capabilities by increasing network sensor capacity, automating sensor collections, and prioritizing risk alerts. This approach lowers the operational risk of information security systems and .gov networks. Graphic courtesy of the Department of Homeland Security.

Continuous Diagnostics and Mitigation Phases

● Protect end-point devices: Scan and ensure devices are identified and properly configured.
● Manage users and their permissions: Make sure that users only have access to the information for which they are authorized.
● Manage events: Rapidly identify, respond to, and mitigate cybersecurity issues and threats.
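
The dashboard cycle described under "CDM Concepts and Principles" can be sketched in a few lines; this is an added example, not part of the original article and not DHS or CDM Program code. The 1 to 5 scales, the impact-times-threat score, the grade bands, the asset names and all function names are assumptions made for illustration, and the scan data is constructed.

```python
from collections import Counter
from dataclasses import dataclass

@dataclass(frozen=True)
class Finding:
    asset: str
    kind: str    # unauthorized_hardware | unpatched_vulnerability | insecure_configuration
    impact: int  # 1 (low) to 5 (high); assumed scale
    threat: int  # 1 (low) to 5 (high); assumed scale

    @property
    def score(self) -> int:
        return self.impact * self.threat  # assumed "impact and threat" weighting

# Assumed grade bands: upper bound on average risk score per scanned asset.
GRADES = [(0.5, "A"), (1.0, "B"), (2.0, "C"), (4.0, "D"), (float("inf"), "F")]

# Constructed sensor output for one scan of a 20-asset network.
ASSETS = 20
SCAN = [
    Finding("ws-014", "unpatched_vulnerability", 5, 4),
    Finding("sw-002", "insecure_configuration", 3, 2),
    Finding("lab-usb-7", "unauthorized_hardware", 4, 3),
    Finding("ws-031", "insecure_configuration", 2, 1),
]

def local_dashboard(findings):
    """Agency view: every open finding, ranked for resolution (worst first)."""
    return sorted(findings, key=lambda f: (-f.score, f.asset, f.kind))

def federal_summary(agency, findings, asset_count):
    """Federal view: counts per weakness type and one grade, no asset detail."""
    risk_per_asset = sum(f.score for f in findings) / asset_count
    grade = next(g for limit, g in GRADES if risk_per_asset <= limit)
    return {"agency": agency, "open": dict(Counter(f.kind for f in findings)), "grade": grade}

def rescan(findings, mitigated):
    """Next scan: mitigated weaknesses are no longer detected."""
    return [f for f in findings if (f.asset, f.kind) not in mitigated]

def cycle(agency, findings, asset_count, fix_top=1):
    """One pass: rank locally, mitigate the top items, rescan, regrade."""
    ranked = local_dashboard(findings)
    mitigated = {(f.asset, f.kind) for f in ranked[:fix_top]}
    remaining = rescan(findings, mitigated)
    return (ranked, federal_summary(agency, findings, asset_count),
            federal_summary(agency, remaining, asset_count))

if __name__ == "__main__":
    ranked, before, after = cycle("Agency X", SCAN, ASSETS)
    for f in ranked:
        print(f"{f.score:>3}  {f.asset:<10} {f.kind}")
    print(before, after, sep="\n")
```

The local ranking keeps per-asset detail, while the federal summary carries only counts and a grade, which is the split between the agency and federal dashboards that the article describes.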
