The goal for Year 12 of the Cybersecurity and Infrastructure Security Agency’s Continuous Diagnostics and Mitigation Program is very simple.
CISA is focused on operationalizing today’s cyber tools to help government agencies maximize their value.
Matt House, program manager for CISA’s CDM program, said this new focus is important for the approximately 100 federal civilian agencies that utilize CDM.
“For us, our priorities for 2024 include reaching a stage where we declare completion of our asset management efforts related to traditional endpoints such as network servers, workstations, laptops, and desktops. We’re very close to that,” House said on Ask the CIO. “However, we recognize that asset management as a set of functions is far from complete. We are only about halfway through the mobile asset class, and this year will continue to be challenging. We started piloting some of the same capabilities for cloud assets in 2023, so in 2024 we plan to continue to enhance this as another broad asset class that you want to manage and have visibility into.”
In addition to traditional IT endpoints, CDM is also taking on the Internet of Things and other connected devices that are considered non-traditional or operational technology.
“From an asset management perspective, we have started or continue to work on these asset classes. As we think about what different assets look like, that path and timeline will change. But our goal is to be at parity in terms of visibility,” he said. “Essentially, these devices are no different fundamentally from some of our traditional endpoints. But some of these devices have broader implementations and quirks. is currently evaluating some of the products that have been introduced to the market over the past few years that are a little more specifically tailored to handle sensing for IoT devices. It’s easier to operate, and its agents run locally on that device and can sense and report back all your needs. For certain other things, it’s a bit like remote sensing, so there are technical nuances and we’re trying to separate that out, and we’ll probably end up using specialized tools.”
House added that CISA will seek to better understand the current tools and capabilities in today’s commercial markets and how they can be leveraged.
FISMA focuses on OT systems
CDM’s move to include more OT system data comes as part of a broader government-wide effort to improve the management and security of these non-traditional systems.
The Office of Management and Budget’s Federal Information Security Management Act of 2024 (FISMA) guidance requires agencies to develop an enterprise-wide inventory of the agency’s covered IoT assets by the end of fiscal year 2024. These OT systems include everything from industrial control systems to building management systems to fire control systems to physical access control mechanisms.
“Creating an inventory of government IoT assets, including those that qualify as OT, will ensure an enterprise’s cybersecurity posture as these assets become increasingly interconnected with IT hardware and software. Inventory provides agency CIOs and CISOs with visibility into connected devices and systems and appropriate controls (such as those specified in NIST SP 800-82 and NIST SP 800-213) and make risk-based decisions about mitigating cybersecurity threats,” OMB wrote in guidance sent to agencies in December. “Additionally, inventories allow government agencies to more efficiently identify and mitigate vulnerabilities and ensure a more secure and resilient infrastructure. It is also a necessary prerequisite to establishing a baseline that allows monitoring and detection of potentially harmful activity.”
As part of the 2024 FISMA metrics sent to government agencies in December, CISA asks agencies to submit the number of systems that include operational technology (OT) and Internet of Things (IoT) devices and whether their impact level is low, moderate or high. Next, within each of these impact levels, CISA wants to know how many systems contain IoT devices and how many systems contain operational technology devices that are considered IoT, based on NIST’s definition.
House said that outside of IoT and operational technology, CDM will continue to drive implementation of endpoint detection and response capabilities.
Complete the EDR deployment
He said CISA plans to complete the rollout of EDR across civilian agencies in 2024.
“The other thing we’re doing right now, which is really exciting and probably one of the most important things we’re going to do this year, is enabling what we call Persistent Access Capability (PAC) through EDR.” “This is a unique capability through EDR. CISA requires threat hunters and cyber analysts to have visibility across EDR implementations in federal civilian agencies.” “This is very transformative in that it multiplies the power of government agencies from a cyber defense and cyber response perspective. Look, this is actually very simple and easy to accomplish.”
Much of the data from PAC and EDR is entered into agency and CISA CDM dashboards. House said CISA has taken several steps over the past few years to put the dashboard in a good position in terms of functionality and usage across the government.
“Our initiative this year is to get more agents on board with our hosted dashboard. Dashboard-as-a-Service allows agents to run their own instance of an agent dashboard. We take away some of the complexity, costs, and concerns that you have when dealing with agents, and we host your agency’s dashboard. This gives us much greater economies of scale and allows us to I think we can bring the best of both worlds to the agency,” he said. “The other thing I’m looking forward to from a dashboard perspective is that as part of version 6 of the dashboard, which is our last release for fiscal year 2023, we are enabling functionality related to automation of some FISMA metrics reporting. We’ve just started doing that. I think there are some toes in that pool right now, but we’re going to continue to expand it throughout 2024. It’s relatively low for us. This is going to be a big focus area for us because it’s a lift. It’s relatively low complexity and risk. I think [everyone] I think you would agree that there is a lot of value added in terms of freedom from manual quarterly reporting cycles for some metrics that are ready for automation.”
House added that the automation of certain FISMA indicators is directly related to the operational objectives of the CDM. He said it will give cyber analysts and defenders more time to focus on defense and risk mitigation rather than reporting data.
This is especially true for another feature CDM has planned for 2024: over-the-air updates to the dashboard.
House said version 6 includes the ability to push content updates more quickly.
“This year, we plan to push content updates to agency dashboards that have no security impact. They do not have to undergo rigorous code reviews or security reviews by agencies,” he said. “We can eliminate these things. When this week’s vulnerabilities occur, the latest and greatest vulnerabilities emerge that everyone needs to jump on. Dashboard dedicated to the Federal Dashboard You can prepare visualizations and push them to the federal dashboard.” “Agency Dashboard provides agents with a timely heads-up display of how to defeat the monster of the week. This is a big deal for us. This is because we are leveraging the functionality that we have built, and we would like to continue to make the most of that functionality and actually promote the operational use of dashboards at the agency level.”
Copyright © 2024 Federal News Network. All rights reserved.