FCW : February 2015
CONTINUOUS DIAGNOSTICS & MITIGATION

possible, humans only have to be involved when the activity is unexpected. Automation also is the only practical way to meet the CDM requirement of assessing all network assets every 72 hours. “The challenge of doing something 10 times a month instead of once a month when these agencies are already resource-constrained is completely overwhelming for solutions that don’t have a high degree of automation,” says Keren Cummins, Director, Federal Sales at Tripwire, a provider of risk-based security, compliance and vulnerability management solutions.

Continuous, real-time monitoring: A wide range of research shows that once an advanced persistent threat enters a network, it can quickly compromise dozens of machines, moving laterally. That makes continuous monitoring critical; by spotting breaches quickly, you have a better chance of containing and eradicating them. Most agencies already stress the importance of continuous monitoring. For example, the Defense Department relies on its Continuous Monitoring and Risk Scoring (CMRS) system to meet this goal.

Big Data analytics: Data today comes from many sources—mobile devices, sensors, email and texts, images, phone logs and more. It’s critical to examine each and every piece of data interacting with the network to ensure security. With big data analytics, agencies can gain full visibility into everything in the IT infrastructure, allowing them to quickly connect the dots across different systems and applications. Doing that in real-time translates into a powerful CDM capability. “It doesn’t matter the device, or whether the resource is cloud, physical or virtual; if confidential data is involved, it represents a potential risk to the organization and must be monitored,” said Joe Goldberg, Security Evangelist at Splunk, a software platform provider for real-time operational intelligence.
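The 72-hour assessment window and the "connect the dots across systems" idea above can be checked automatically. The following is an added example, not code from the article or from any vendor it quotes; the asset names, timestamps and the two data sources (scanner records and network-observed hosts) are constructed sample data.

```python
"""Added example (not from the FCW article): flag assets whose last CDM
assessment is older than 72 hours, and surface hosts seen on the network
that no scanner record covers, so humans only look at the exceptions."""
from datetime import datetime, timedelta, timezone

ASSESSMENT_WINDOW = timedelta(hours=72)  # CDM requirement cited in the article

# Constructed sample data: last successful assessment per managed asset (UTC).
SCAN_RECORDS = {
    "ws-0101": "2015-02-10T08:00:00Z",
    "srv-db-02": "2015-02-06T22:15:00Z",   # older than 72 h at check time
    "printer-07": "2015-02-09T13:30:00Z",
}
# Constructed sample data: hosts observed by network sensors (e.g. DHCP leases).
OBSERVED_HOSTS = {"ws-0101", "srv-db-02", "printer-07", "thermostat-b3"}


def parse_ts(value):
    """Parse an ISO-8601 UTC timestamp with a 'Z' suffix into an aware datetime."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def assess_coverage(scan_records, observed_hosts, now):
    """Return stale assets, hosts with no scan record, and the fraction of all
    known hosts assessed inside the window."""
    stale = sorted(host for host, ts in scan_records.items()
                   if now - parse_ts(ts) > ASSESSMENT_WINDOW)
    # Hosts the network sees but the scanner has never assessed.
    unmanaged = sorted(observed_hosts - scan_records.keys())
    fresh = len(scan_records) - len(stale)
    total = len(observed_hosts | scan_records.keys())
    return {"stale": stale, "unmanaged": unmanaged,
            "coverage": round(fresh / total, 3) if total else 0.0}


if __name__ == "__main__":
    report = assess_coverage(SCAN_RECORDS, OBSERVED_HOSTS,
                             parse_ts("2015-02-10T12:00:00Z"))
    for key, value in report.items():
        print(f"{key}: {value}")
```

Run against the sample data at 2015-02-10 12:00 UTC, the check reports one stale server, one unmanaged device (an IoT sensor of the kind the article warns about) and 50% coverage, which is the kind of result a CDM dashboard would surface for action.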
Ensuring that all of these capabilities are included and work together—and as required—is a difficult task. The best way to start is with a verified, tested cybersecurity framework. NIST has provided the baseline with its 800 series publications, which outline the technical controls, best practices and processes agencies need, focusing on risk management and continuous monitoring controls required to handle both advanced persistent threats and insider threats. In developing the framework, NIST included input from the public and private sector as well as SANS Institute, which contributed the 20 critical security controls. The framework is technology-agnostic, giving agencies the freedom to choose which technologies to employ to meet the framework’s goals.

The NIST framework itself is a base on which agencies can build their own CDM programs. The Defense Department has chosen to include its Continuous Monitoring and Risk Scoring (CMRS) system as part of the framework, while DHS has chosen to layer its Continuous Diagnostics and Mitigation program on top of the framework. DHS is the lead agency for the federal government on the CDM effort.

A look ahead

Once agencies are finished implementing Phase I, they must turn their attention to the next two phases. Phase II addresses issues around managing people, from training and credentials to account access and privileges. Phase III focuses on event management and boundary protection, employing technology such as forensics analysis and data loss prevention. Along the way, threats will continue to change and technologies will continue to mature. One of the fastest-growing vulnerabilities is in the area of the Internet of Things, which involves the data sent from a variety of sensors through networks. “Think about a military base and all of the people who live on it. If they have sensors for temperature control, refrigerators, televisions and many other things on the military network, you are potentially increasing the IP listing of that base by 30 fold,” says Potter. “I don’t think we have even begun to see the vast increase in sensors and the risks they could cause. That’s something both agencies and vendors have to plan for now.”

From Awareness to Action

CDM isn’t a concept that sprouted overnight. Instead, it’s the culmination of decades of progress in cybersecurity awareness. CDM promises to take cyber-protection to new heights.

2002: Federal Information Security Management Act (FISMA) is enacted
2007: Department of State initiates the Cyber Security Incident Program (CSIP)
2007: NIST begins working on SCAP (Security Content Automation Protocol)
2008: Department of State launches iPost for automated scanning and continuous monitoring; it is so successful that other agencies begin to take note
2010: OMB issues mandate on continuous monitoring
2011: NIST publishes SP 800-137: Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations
2012: OMB identifies continuous monitoring of federal IT networks as one of 14 Cross-Agency Priority goals
2013: OMB issues memo requiring continuous monitoring of security by the end of FY2017
2014: NIST publishes SP 800-53, Rev. 4: Security and Privacy Controls for Federal Information Systems and Organizations
FY2014: Agencies required to finalize CDM strategies

Sponsored Content
March 15, 2015