The Continuous Diagnostics and Mitigation (CDM) Program, led by the US Department of Homeland Security (DHS) under overall management of the US Office of Management and Budget (OMB), is intended to be a dynamic, real-time approach to fortifying the cybersecurity of government networks and systems. The goal is to bring civilian federal agencies up to par with the FedRAMP cyber framework standard of the US Department of Defense. Currently, cyber defense amongst non-military agencies is fragmented and variable.
The DC Strategic Group supports CDM vendors (contractors) - as well as other US GovCon involved in FISMA, FedRAMP, or NIST compliance - with cyber defense roadmaps, SOC and network strategies, and cloud senior advisory.
Manage the Details. See the Big Picture
The US Federal CDM program - cyber modernization - was initiated to bring civilian and non-military agencies up to par with the Gold Bar "FedRAMP" standard of the US Defense Department.
DOD cyber looks at the full range of threat analysis and response, from OPSEC (operational or human factor risk) to data to network security. Breaches like Edward Snowden or Booz Allen contractors arrested at NSA HQ for stealing and releasing or selling classified materials fall under the OPSEC umbrella. Yet most DHS CDM primes do not understand the need for true, end-to-end human-to-network monitoring and prediction. Human factor prediction looks at elements such as character flaws - lying, gaming, drinking, family issues, excessive foreign contacts - and personality traits - disrespect for Americans, cruelty to children or animals, sloppiness in dress or fitness, inability to control belligerence or violence toward others (combative personality) - as predictors of mental illness or vulnerabilities known to lead to national security breach. Or cowardice. Or blackmail or susceptibility to bribery or a craving for attention or retaliation, leading to deliberate leaks.
Ugly, over-weight females; and skinny, not popular, socially inept male arabs, Sikhs, and other immigrant classes are also statistically, a risk. Ugly or fat females at lower levels of any secure organization are found to have 'lost' court or prosecutor evidence to free sex offenders, and to have allowed data or id access leading to the murders of US agents or crime syndicate victims or witnesses. Sikhs, altho often soft-spoken, pose such terror and violence risk in Canada that government is expelling them. This is human factor or 'crime profiling" that also supplements good cyber defense, along with OPSEC.
Stalking and Cyber
Stalking is another form of mental illness, related to feelings of either insecurity, or obsession with revenge. The average stalking campaign lasts no more than 1.5 years. Campaigns lasting longer typically end in murder. And if the victim and victim's family are not killed, their quality of life is certainly ruined. It is important to understand and listen to victims, in government or commercial cyber programs, to prevent needless suffering or the death(s) of innocent US citizens.
And it is important to understand when we are seeing "stalking" patterns in cyber violations, and when we are seeing random anonymous cyber crime, enemy espionage, or simply revenge not targeting any one individual. Stalking cyber has characteristic RED FLAGS: GPS and vehicle Bluetooth violations; cell phone and email breach; health care or insurance or other online breaches; and querying or geo-locational or online tracking or pinging of the same individual, across various government or banking or social platforms.
Human Factor and Criminal Cyber
Recently, a US Treasury Department Director of DAS - Data Analysis and Security, a senior role - was found to be using multiple identities, including TWO different personas at Treasury (is he collecting pay twice, or is Treasury just lax in OPSEC and clearance enforcement?), to have perjured (lied under oath), and to have threatened with extortion - keeping from federal work - and with coercion or bribes during the recent Government Shutdown, another federal worker so that she would 'keep quiet' about zoning and code violations at a Virginia property she was leasing from him.
CDM managers should be horrified at such breaches of national OPSEC standards, because they highlight exactly the type of human factor error, ethical lapses and character flaws that other nations or organized crime or even blackmailers exploit, to breach US security and compromise vulnerable data.
"Where do we start?"
Tackling a cyber modernization acquisition or project without current, complete IT architecture artifacts can be daunting. Many federal agencies or boards have never had the resources to completely map their cyber frameworks or even their data or cloud architectures. Without having a complete understanding of every device, data point, interface, and the business flows utilizing them, it is impossible to move forward with valid cyber security.
We use best-in-breed tools and processes to accurately and quickly help teams discover their entire end-to-end architectures; visualize and improve business processes and information flows; utilize Six Sigma or other efficiency toolsets when necessary; and then move on to true cyber work.