Department of Defense Officials Report on Cyber Risk-Based Decisions

In a new report, Navy, Air Force and Defense Information Security Agency (DISA) leaders provide insights into managing cyber risk and protecting critical infrastructure. Here is a quick summary. A recent survey of senior Department of Defense (DoD) cyber officials revealed a consistent focus on delivering accurate and actionable cyber risk information to support “operationally informed risk …

The ‘Next Chapter’ in Cyber Risk: Are Federal Agencies Prepared?

The latest study from MeriTalk finds increased technical collaboration across federal agencies and industry stakeholders, as well as some worrying gaps in cybersecurity fundamentals. Tenable recently co-sponsored a MeriTalk study conducted to assess the Department of Homeland Security’s Continuous Diagnostics and Mitigation (CDM) program, the initiative that provides cybersecurity tools and …

New Approaches for the “New Normal” in State and Local Government Cyber Defense

Adjusting to the new normal, state and local governments need to be more vigilant and streamlined in protecting their environments against cyber predators. What tactics can help provide high levels of security while also meeting restrictive budget and resource requirements? Even before the COVID-19 pandemic struck, state and local governments were struggling to secure a quickly expanding …

Security Advice for Government Agencies in the Age of COVID-19

As COVID-19 drives many government agencies to quickly migrate from a centralized to remote workforce, new cybersecurity questions arise. Here are steps government agencies can take to manage these new cyber risks. Formerly office-bound employees are using personal devices in today’s necessity-driven remote work environment, introducing new BYOD challenges. This immediate expansion of the attack …

Public Sector Day at RSAC 2020: More Threats, Limited Resources

Last week, thousands of security-minded professionals descended on downtown San Francisco for the annual RSA Conference. Monday, February 24, featured a Public Sector Day event, which kicked off the big week with a distinct government security focus. The 400-plus crowd of federal/state/local government officials, security specialists and other interested attendees were treated to a number of …

CDM 2020: “Operationalizing CDM” Through Risk-Based Vulnerability Management

The year 2020 is shaping up to be a pivotal one for the U.S. Department of Homeland Security's Continuous Diagnostics and Mitigation (CDM) program as it takes significant steps toward realizing the program vision of empowering federal agencies to make informed cybersecurity risk decisions and fix their worst problems first. The CDM program, administered by the U.S. Department of Homeland Security …

What is Critical Infrastructure and How Should We Protect It?

We hear a lot these days about critical infrastructure, and the importance of protecting it. But what exactly is “critical infrastructure,” what are the greatest threats to it, and what are the best ways to protect it from those threats? What is Critical Infrastructure? According to the U.S. Department of Homeland Security (DHS), which is the federal agency charged with oversight of its …

CDM DEFEND: Going Mobile

How the CDM DEFEND plan for adding and securing mobile devices will help government agencies improve visibility and security. “Going Mobile” (https://www.youtube.com/watch?v=ToxymSLzJeM) was a hit song for the British rock band “The Who” in the early 1970s. Celebrating a transient lifestyle, the song captured the public’s imagination …

CDM: Making US Federal Agencies More AWARE of Cyber Exposure

At a recent Tenable-sponsored MeriTalk event, Kevin Cox, program manager for Continuous Diagnostics and Mitigation (CDM), provided a preview of coming attractions regarding the CDM federal dashboard. As of this writing, the CDM dashboard is in its initial production stage, with agency exchanges being set up to aggregate the data to be fed into the dashboard. At least five agencies are reportedly …

From Off-the-Rack to Custom Tailored?

A Government Perspective on the Changing CDM Landscape. As the Continuous Diagnostics & Mitigation Program (CDM) begins its next phase of task orders, it is useful to look back at the earlier stages of the program to help us understand the importance of changes now being implemented in the program’s contractual and programmatic structures. CDM began as a group of GSA Schedule 70 Blanket …