As Funding Cuts Arrive, Can CDM Deliver on the Value of Its Promises?

For anyone who works in cybersecurity, getting a tough job done with severely limited resources is all in a day’s work.

But when funding allocations suddenly shift after essential programs are already under development, it can be hard for even the most creative, resilient CIOs and CISOs to keep up.

In a time when the coronavirus pandemic set fire to public and private sector budgets worldwide, a sudden bout of financial insecurity is no surprise. But the problem is more severe when the program facing a funding shortfall is Continuous Diagnostics and Mitigation (CDM). A global health emergency hasn’t stopped cyberthreats from multiplying and becoming ever more sophisticated, or attack vectors from constantly changing. That means the agencies that protect the country’s electronic infrastructure can’t let their guard down. Events in just the last few months have shown this to be the case.

When the threats are as immediate as ever, and limited resources call for rigorous priority-setting, it’s even more important to utilize the entire dataset available from CDM’s tools and sensors as the cornerstone for effective protection, deterrence, mitigation and response. More specifically, efforts and resources should remain in a full-throttle posture for tools and services that allow agencies to proactively protect themselves from a growing and potentially unknown adversary, as opposed to diverting crucial funding and attention to reporting and statuses of things that are already known.

The Ultimate High-Value Asset

Protecting high-value assets has always been a central part of the cybersecurity mission. Before the pandemic hit with full force, the Department of Homeland Security (DHS) was developing dashboard metrics that gave those assets the priority they deserve and looking to CDM to deliver on that essential mission.

So far, so good. But with limited funds, there’s a risk that DHS will allow critical system vulnerabilities to develop by tightening future CDM enhancements to specific high-value assets, to the exclusion of the supporting network assets that knit them all together. That’s a serious risk when you understand that any successful cybersecurity program depends on integration, and that the true power of CDM is its ability to overlay multiple datasets to create a single lens for tracking, assessing, and responding to threats: those that we definitely know of today, and the next wave that we know we’ll learn of tomorrow. The adage of the weakest link, while not written to support cybersecurity initiatives, holds true today.

As cyberthreats become orders of magnitude more numerous and sophisticated, the Integration Layer gives a CDM system the ability to digest vast quantities of input, spot patterns that wouldn’t be visible to the human eye across disparate tools, and quickly identify and respond to potential attacks. Without those deep insights, human operators and the wider systems that depend on them are flying blind.

That reality makes the integration layer the ultimate high-value asset, the essential element that must receive the resources and support to ensure that the rest of the system succeeds. Preventing the “known” cyberthreats is simply table stakes at this point. CDM has the power to allow agencies to look for and identify new and, most importantly, unknown threats. Difficult, sure, but definitely doable with the right data fidelity.

Making the Most of It

Beyond the everyday urgency of the country’s response to cyberthreats, there are practical reasons to stay the course on CDM development.

Before the most recent round of budget announcements, the U.S. cyber-community was largely breathing a sigh of relief that funds had been allocated to get an integrated CDM system in place. Technology and service providers had rolled up their sleeves, assembled the talent they needed to get the job done, and were ready to get started.

If those development teams are now allowed to spin apart, valuable momentum will be lost—and more time will go by once a decision is eventually made to restart the work, hopefully not due to some tragic event or significant breach.

But with the financial crunch fully upon us, DHS can still move swiftly and strategically to make the most of the limited resources available. And those dots connect directly back to the Integration Layer. It’s the single best tool in the toolbox to deliver the results agencies need with the limited dollars available to them. And for the CIOs and CISOs responsible for delivering a safe, secure system, whether or not they have the budget to do the job, taking full advantage of the integration layer is still the best way to prevent an embarrassing and debilitating breach, or at the very least to minimize the damage if an intrusion succeeds.


Posted by Michael Guercio