With Federal agencies needing to move the bulk of their workforce to remote or hybrid environments since the start of the COVID-19 pandemic, the Cybersecurity and Infrastructure Security Agency’s (CISA) Continuous Diagnostics and Mitigation (CDM) program has worked with agencies to account for the increase in attack vectors and take a more proactive risk management stance, CDM Program Lead Richard Grabowski said.
Grabowski provided an update on the program and emphasized the importance of sharing actionable security data, in remarks on October 7 at the Billington Cybersecurity Summit.
“There has been a significant change for the program for the last, I would say 18 months, not the least of which is the [Biden administration’s cyber] EO (executive order),” Grabowski said. “So, there is a significant increase for us at least on mission scope … detection [and] response in addition to proactive risk management. One of the mantras of the program since day one has always been to fix the worst problems first.”
“You could run into any network today” with vulnerability scanning “and find something,” Grabowski added. “It’s about how do we make that actionable….
