On Tuesday, May 16, Rod Turk participated in a panel on Continuous  Diagnostics Mitigation (CDM) in Government 2017 "Progress and Best Practices" sponsored by the Federal Executive Forum.

It was another great opportunity for Government and Industry to work together to help the Federal Government with their Cybersecurity Mission Programs.

• Progress: CDM will be a centerpiece of Commerce’s portfolio of cybersecurity tools. We are currently in the Phase 1 pilot and working on many parallel activities including our authority to operate and looking at how to normalize data from across Commerce. This will make it meaningful and improve  our security management.
• Lessons learned: 1) CDM, which is essentially a shared service, has had the unintended positive consequence of bringing our bureaus together for increased CIO and CISO collaboration and cooperation on projects beyond the CDM program. 2) Improved communication amongst the CISOs across the Federal government to share best practices and innovation in use of the tools to protect our networks.
• Challenges: lack of speed in implementation due to disparate missions while ensuring tools and systems are still functioning.
• Future vision: CDM is a good model for procuring systems and tools in volume pricing, integration services, training to ensure success in the program. To get in front of the ‘bad guys’, we need the speed of ‘machine-to-machine” communication to identify vulnerabilities and take necessary actions to protect us. This detection, information, and the speed offered by the automation can build resiliency and identify malware to stop the exfiltration and limit damage.

There are still challenges ahead, but the future looks bright.