The Cybersecurity and Infrastructure Security Agency’s (CISA) Continuous Diagnostics and Mitigation (CDM) program is employing a multi-year view on helping Federal agencies to better protect their high-value assets (HVA), CDM Program Manager Kevin Cox indicated today.
In remarks at the virtual FCW CDM Summit, Cox reiterated that the program office has HVA protection pilots ongoing with an unspecified number of Federal agencies aimed at helping them implement data protection management capabilities, understand how their systems and data are protected, and make sure that their data is encrypted and unreadable by unauthorized parties.
“We will continue to move forward with [those pilots] in the coming fiscal years,” Cox said.
In remarks delivered last month, Cox indicated that improving HVA protection may not come through any kind of quick fix.
“What we have found is there a lot of complexity there,” he said, adding that the CDM program needs to be careful about how it deploys technology and architects systems “to make sure we don’t disrupt a mission-critical system.”
“Slow and steady wins the race in those situations,” he said. “We want to scramble to get the technology in place … but if we scramble and architect the system in the wrong way, then we set ourselves back,” Cox said last month.
During his remarks today, Cox said his office – in cooperation with the HVA program management office in CISA’s cyber division – is working with multiple Federal agencies on HVA programs “to identify agencies that may be ready to engage in some additional deployments” aimed at improving data protection. That effort, he said, is aimed at “working to identify candidates for additional pilots going forward.”
He said the CDM Program Office’s approach involves “speaking with the agency and the HVA system owner to get a better understanding of the architecture and to get a better understanding of the protections in place … and the overall nature of the data in the system.” Then, the office aims to work with those agencies and owners “to identify the right sets of solutions … to get those HVA data protections in place,” Cox said.
“We will continue to work with agencies in Fiscal Year 2021 and beyond where they need protections … and work to identify where we can do pilots,” he said.