CDM Cybersecurity Across Federal Agencies

The Challenge

Recognizing that government networks are increasingly targeted by adversaries, the U.S. Congress established the Department of Homeland Security (DHS) Continuous Diagnostics & Mitigation (CDM) program in 2014. The initial contract, a 3-year blanket purchase agreement for continuous cybersecurity monitoring, established the mission: to enhance risk-based decision making and provide real-time capabilities and automated tools to detect, prioritize, and mitigate cyber threats. 

DHS chose Booz Allen for the two largest of six competed contracts. We were tapped to provide support for 13 government agencies representing 123 entities with diverse and dynamic missions, from the U.S. Internal Revenue Service (IRS) to the National Aeronautics and Space Administration (NASA). The request was a first and the largest government cybersecurity initiative to date: apply state-of-the-art technology to decades-old infrastructure, with zero impact to agency mission and business operations—and do it at record scale, precision, and speed.

The Approach

Prompted by a high-profile breach which occurred weeks before our engagement kicked off, DHS requested Booz Allen to expedite the implementation schedule for our CDM solution. We partnered with the customer agencies to accelerate our “plan, deploy, operate” implementation approach and close critical vulnerabilities. Our team worked quickly, applying deep cyber expertise, robust systems engineering, technical management processes, and extensive experience from working on the government’s most sensitive systems. 

Our solution included comprehensive plans, meticulous technical architectures and blueprints, best-in-class commercial off-the-shelf solutions, and strategic partnerships with leading industry vendors. We identified and addressed risks across each agency, including operational assets and devices added by internal groups without formal approval (i.e., shadow IT), in order to remediate critical security gaps and weaknesses.

We also introduced and baselined technology advances to enable functions such as identifying critical assets while applying rigorous data reliability monitoring and an analytics-rich process, allowing us to quickly pinpoint operational integration and reporting challenges. 

The Solution

Our team deployed CDM capabilities rapidly, helping agencies resolve critical security vulnerabilities within weeks. We then leveraged our proven deployment and integration approaches on other federal organizations, using an agile process to achieve operating capability for all 13 agencies. “Today, we protect 80 percent of federal .gov networks with more than 4 million devices. Within 4 hours, our solution now generates attack surface visibility that would previously have taken 2 weeks to interrogate and understand,” says Greg Decker, chief engineer for our CDM DEFEND program. 

Expanded Security: CDM DEFEND

In 2018, Booz Allen was the only CDM incumbent awarded the follow-on contract(s), this time with a 6-year period of performance and an expanded delivery scope. CDM’s new Dynamic and Evolving Federal Enterprise Network Defense (DEFEND) contract includes expanded solutions and capabilities focused on adapting to dynamic agency environments and delivering innovative solutions that combat the latest adversarial tactics.

Booz Allen designed and implemented an integrated approach to fulfill the program’s five program tasks. Our work revolves around implementing new capabilities, sustaining the data integration layer and dashboard systems, providing expanded agency services and critical incident support, and delivering proactive project management support. In addition to benefiting from DHS’ investments, agencies can leverage and apply customized cyber services to address their unique priorities and requirements.

CDM DEFEND offers integrated solutions and services across four focused capabilities:

  • Asset management: Locate and categorize unauthorized devices and inventory installed software; verify and validate security settings; detect security vulnerabilities
  • Identity and access management: Secure access to needed information, enforce multi-factor authentication, update credentials, and monitor network and system behavior
  • Network security management: Identify and prioritize alerts on changes to security thresholds, monitor traffic, scan custom applications, and identify and report vulnerabilities
  • Data protection management: Segment networks and quarantine devices, manage digital rights to protect devices regardless of location, and protect sensitive information

“We’re excited about our position as the industry-leading federal CDM integrator and designing and deploying groundbreaking cyber solutions for the government, but the reward comes from protecting essential services that benefit millions of Americans every day,” says Greg.