What federal agencies can learn from the DHS CDM program’s challenges

There’s no question that government leaders are sincerely and firmly committed to developing more effective cybersecurity models to thwart ever-proliferating and shifting cyber threats. But a recent report from the Office of Inspector General within the Department of Homeland Security reveals how a variety of complex challenges can stall — if not entirely scuttle — such initiatives.

As is often the case, this particular sequence of events began with a sense of noble purpose: In recognizing cybersecurity as a government-wide priority, the Office of Management and Budget required in 2013 that federal agencies establish an Information Security Continuous Monitoring (ISCM) program to help identify and respond to cyber threats. Through ISCM, organizations maintain ongoing awareness about security risks, vulnerabilities and threats to support effective risk-management decisions.

In working with OMB to oversee the implementation of federal department/agency-level ISCM strategies, DHS launched the Continuous Diagnostics and Mitigation (CDM) program in 2013 to enable agencies to manage security risks on a…
