Proceedings Of The Marine

WIN 2015

Proceedings magazine is a communication tool for the Coast Guard's Marine Safety & Security Council. Each quarterly magazine focuses on a specific theme of interest to the marine industry.

Issue link: https://uscgproceedings.epubxp.com/i/436751


24 Proceedings Winter 2014 – 2015 www.uscg.mil/proceedings

to cybersecurity have proven inadequate, as have solutions based solely upon compliance rather than outcome. By moving the entire civilian federal government toward ongoing assessment and prioritized mitigation, CDM advances the state of cybersecurity to a pace commensurate with the threat.

However, continuous diagnostics and mitigation alone is not the entire solution. System users must be trained in and adhere to appropriate security practices. Oversight entities will need to hold departments and agencies accountable and federal acquisition capacity will need to nimbly incorporate innovative cybersecurity solutions.

It will require a whole-of-society approach to protect the nation from cybersecurity risk and ensure that the Internet remains a driver of our prosperity, values, and shared growth. CDM is one significant step in advancing the government toward assuring that our networked future is safe, secure, and resilient.

About the authors:

Mr. Eric Goldstein is a policy advisor in the Federal Network Resilience division of the DHS Office of Cybersecurity and Communications, where his portfolio includes training and governance for the Continuous Diagnostics and Mitigation Program. Previously, he served at the Homeland Security Studies and Analysis Institute (a federally funded research and development center supporting DHS), and held homeland security positions in state and local government.

Mr. Mark Kneidinger is senior advisor of the Federal Network Resilience division, within the Department of Homeland Security's Office of Cybersecurity and Communications. He leads outreach and engagement for the Continuous Diagnostic and Mitigation Program and manages a number of strategic initiatives. Prior to joining DHS, he held leadership and several senior positions, including as a chief information officer and as a deputy assistant secretary for the U.S. Agency for International Development.

Endnotes:

1. For a broader overview of cybersecurity threats, see: Applegate, Steve and Angelos Stavrou. Toward a Cyber Conflict Taxonomy. 5th International Conference on Cyber Conflict. 2013.

2. Federal Information Technology FY 2014 Budget Priorities. Available at www.whitehouse.gov.

CDM Benefits

Speed: Continuous diagnostics and mitigation expands existing capabilities to automatically identify cybersecurity weaknesses in near real-time. This helps risk managers and system administrators understand network risks and allows a common operational picture of network health and integrity. Further, identifying cybersecurity weaknesses on an ongoing basis enables personnel to mitigate many of the worst problems before an adversary can exploit them.

Prioritize resources: Under existing cybersecurity approaches, it is tempting to target resources — whether personnel, technology, or other investments — toward fixing the most significant problems first. However, this constrains effective risk management. It is more feasible to allocate resources toward the problems that are most likely to result in a cybersecurity incident, or that would lead to significant impact.

Unity of effort: Through continuous diagnostics and mitigation, information security personnel can be focused on positive security outcomes based upon a common lexicon. By structuring performance around measurable outcome, as opposed to output or process, cybersecurity managers can justify resources and hold a clear sense of mission. Further, CDM provides cybersecurity staff with a "to-do list" of the most important weaknesses on a given network, ensuring that their activities are integrated around a common set of problems.

Valued metrics: CDM enables users to compare cross-agency performance by identifying and prioritizing cybersecurity risks based upon standard criteria and data (known as risk scoring). This allows agencies to understand how their particular cybersecurity posture compares to similar organizations and will improve oversight fidelity.

Strategic sourcing: A constrained budget environment challenges agencies in every branch and level of government in terms of increasing cybersecurity requirements. Fortunately, a CDM blanket purchase agreement provides significant cost savings on commercial products and services through bulk purchasing discounts. Further, CDM tool and service discounts are also available to state, local, tribal, and territorial governments.
