U.S. Rep. John Ratcliffe (R-TX) seeks continued congressional funding to complete the remaining tasks needed to fully realize the benefits of a cyber program being rolled out to secure federal networks, systems and data.
Along with U.S. Reps. Will Hurd (R-TX) and Jim Langevin (D-RI), the lawmakers have requested that budget leaders authorize $237 million in forthcoming fiscal year 2019 homeland security appropriations legislation to fund the Continuous Diagnostics and Mitigation (CDM) program, which was established by Congress and is being implemented in a four-phase process by the U.S. Department of Homeland Security (DHS).
“The CDM program is of paramount importance because of its ability to provide the federal enterprise with the ability to monitor and assess the vulnerabilities and threats to its networks and systems in an ever-changing cyber threat landscape,” the lawmakers wrote in a March 15 bipartisan letter to U.S. Rep. John Carter (R-TX), chairman of the House Appropriations Subcommittee on Homeland Security, and the panel’s Ranking Member U.S. Rep. Lucille Roybal-Allard (D-CA).
Rep. Ratcliffe, who is serving his second term as chairman of the House Homeland Security Subcommittee on Cybersecurity and Infrastructure Protection, has prioritized oversight of DHS’ progress in securing federal networks through the CDM program as a major legislative agenda item, according to his staff.
“As you know, the CDM program provides dynamic cybersecurity capabilities to allow federal agencies to secure their networks, systems and data with the goal of strengthening federal cybersecurity posture for the .gov,” according to the lawmakers’ letter. “Additionally, CDM expands the speed and scope of information sharing and motivates agencies to implement best practices across their enterprise.”
The requested funding would “help the CDM program and DHS’ overarching cybersecurity mission of providing federal departments and agencies with the capabilities and tools they need to secure networks and systems from intrusions,” wrote the lawmakers.
According to DHS, the CDM program is organized by four phases: Phase 1 – What is on the network? Phase 2 – Who is on the network? Phase 3 – What is happening on the network? Phase 4 – How is data protected? DHS says CDM Phase 4 capabilities will support the overall CDM program goal “to continually identify cybersecurity risks on an ongoing basis, prioritize cyber risks based upon potential impacts, and enable cybersecurity personnel to mitigate the most significant problems first.”
“Right now, DHS is overseeing the process of identifying what systems are connected to the federal networks and who has access to those systems before shifting into the final phase, which will focus on the security of the data itself,” according to the members’ letter. Eventually, this process will allow CDM to provide the American public with the federal cybersecurity that they deserve, the lawmakers wrote.