Safeguarding Americans’ data in federal agencies
Washington, DC, January 30, 2018
In today’s digital age, nearly every service imaginable is available through a couple of quick clicks on an app or a website. We can order food or groceries right to our doorsteps, we can call a ride to the airport, or we can pay for a parking spot — all within seconds. But this convenience comes with inherent risk — living one’s life in the digital age means trusting your sensitive information with outside applications, organizations and vendors.
Given the possibility that information hosted digitally could end up in the wrong hands, people are rightfully cautious when deciding which companies and products they trust. To generate consumer confidence, companies understandably tout the quality or reliability of the security tools used to safeguard information they collect from their customers. Similarly, the federal government, which possesses every American’s sensitive personal information, must prove — to an even greater extent — that it is worthy of protecting troves of their most sensitive information.
In the past few years, major breaches at the U.S. Office of Personnel Management and IRS have unfortunately eroded the public’s faith in this important government function. In the wake of these incidents that placed millions of people’s data at risk, I urged officials at the Department of Homeland Security (DHS) to swiftly address this troubling problem, and I’m encouraged they are moving in the right direction.
We all know the challenge we face in our federal government’s cybersecurity isn’t a lack of available technology. The private sector has been innovating and coming up with the kinds of sensors and dashboards necessary to find and visualize this data. The challenge lies in equipping agencies to utilize these tools and capabilities and ensuring the procurement process is agile enough to meet the evolving cybersecurity needs.
A critical component of this effort involves overseeing and improving the tools we’ve granted DHS to leverage in accomplishing this important responsibility. Beyond this, it involves ensuring that we deploy continuous strategies that are nimble and dynamic enough to be valuable cybersecurity tools for years to come, through an emphasis on cloud, mobile and Internet of Things (IoT).
Right now, one of the biggest assets at DHS’ disposal to prevent future breaches is the Continuous Diagnostics and Mitigation (CDM) program. CDM ensures strong cybersecurity hygiene by allowing the federal enterprise to monitor and assess the vulnerabilities and threats to its networks and systems in real time — or as close to real time as possible — by allowing data defenders to see what is happening in their digital ecosystem. After all, you can’t protect what you can’t see.
In 2012, DHS launched the rollout of a continuous four-phase process that will allow CDM to eventually provide the American people the kind of federal cybersecurity that they deserve. This will be accomplished by granting the ongoing ability to buy and implement security technologies that will provide visibility and real-time risk assessments, which will allow security experts to coordinate their defenses.
Right now, DHS is overseeing the process of identifying what and who is on federal networks before shifting into the final phase, which will focus on the security of the data itself. From the perimeter down to the data, CDM will provide a dynamic means of providing cybersecurity awareness to empower network defenders to do their job.
Before we can move forward, however, it’s critical that we learn what we are doing right and what we could be doing better. That’s why we invited key stakeholders from Splunk, RSA Archer, CGI Federal and Information Technology Alliance for Public Sector to testify at our cybersecurity subcommittee hearing just this month.
In our discussion, we confirmed that full deployment of the CDM program should be viewed as a journey rather than a destination. This means the subcommittee must be sure to examine a longer-term approach for the program — not just a focus on the low-hanging fruit. We in Congress must keep the pressure on DHS to provide a continuously rolling and adaptive CDM program to keep pace with the ever-evolving threats our federal agencies and departments face.
Before the age of the Internet, agencies weren’t generally considered part of the national security conversation, but we must realize that every agency that maintains personally identifiable information is on the front line of keeping this country safe. Moving forward, we will continue focusing on the CDM program and DHS’ overarching cybersecurity mission to ensure that federal agencies have the right tools to protect the data of every American and prevent the massive data breaches that erode public trust.
Rep. John Ratcliffe, Texas Republican, is Chairman of the House Homeland Security Subcommittee on Cybersecurity and Infrastructure Protection.