Federal Continuous Monitoring Project UnveiledDHS Initiative to Examine Networks of Civilian Agencies
The U.S. Department of Homeland Security is initiating a program to provide continuous monitoring capabilities to civilian, non-intelligence agencies in the federal government.
DHS will deploy sensors to agencies, generating the needed 60 billion to 80 billion vulnerability-and-configuration-setting checks every one-to-three days across the .gov network, according to a fact sheet issued by the department.
The need for such monitoring is critical as cyberattacks against the government mount. The federal government in 2011 responded to more than 106,000 attacks, including cyber exploits that injected viruses, stole information and disrupted federal network operations. "In contrast," the fact sheet says, "decade-old security regulations require manually testing major systems just once every three years. This creates findings that are often out of date before they go to print."
In its role overseeing and assisting agencies in their IT security efforts, DHS says it will supply a set of cyber-defense capabilities to protect the .gov from escalating and rapidly evolving threats. DHS will provide diagnoses, prioritizing and displaying the most serious problems first. The department says it will use internationally recognized best practices for optimal results.
DHS contends defending federal networks has proven to be feasible and cost effective by automating cybersecurity testing and creating diagnostic reports to accelerate corrective action. More than 80 percent of the time, exploits target previously known vulnerabilities on networks, computers and commercial software, DHS says. Since 2003, federal case studies indicate that repairs can often be completed before damaging acts are attempted when diagnostic reports highlight the worst problems to fix first.
Here are the capabilities DHS says it will provide agencies:
- Critical Warnings: DHS will warn agencies about vulnerabilities and weaknesses that could shut down network operations if critical patches and repairs are not completed.
- Preventative Defense: DHS will white list safe software, helping to prevent malware from being installed.
- Dashboards: DHS will deploy a cyber-diagnostic dashboard at each agency to provide customized reports, alerting government program and technical managers of the worst known cyber risks requiring priority attention. Progress will be recalculated each day so results can be compared within the agencies. A central dashboard will be located at DHS to reflect federal enterprise security status.
- CyberScope: DHS will summarize progress, correcting known problems across .gov networks and feed status information to a federal security system called CyberScope [see Automated FISMA Reporting Tool Unveiled]. Federal trend monitoring capability will watch for instances where agency action on critical patches needs to be accelerated as a protective measure.
The department says it will use commercial, off-the-shelf tools whenever possible to collect information on security vulnerabilities. These sensors scan personal computers and servers and diagnose weaknesses which are then collected and prioritized for action by a dashboard tool available to each agency on the .gov network.
DHS agencies can use provided cyber-diagnostic tools directly or ask contractors to operate them on their behalf. Planning is underway to make the same diagnostic tools used on .gov networks available as an optional implementation strategy in federal cloud computing. "These combined strategies will unify and modernize the methods of conducting continuous monitoring across all networks and COTS software of .gov organizations no matter how they are implemented," the fact sheet says.
DHS says these methods have been proven at the State Department, which eliminated 89 percent of measured risk on personal computers and servers in 12 months, and one third of the remaining risk in 24 months. A fully-featured dashboard at the State Department helped implement critical patches to the 84 percent level of coverage in seven days and the 93 percent level of coverage in 30 days.
The State Department program was initiated by then Chief Information Security Officer John Streufert [see Building DHS's All-Star Cybersecurity Team], who now serves as director of DHS's National Cybersecurity Division, which is overseeing this project.