About CFM

The Challenge

As a nation, it is vital that we develop the strategic capabilities to defend against the increasingly diverse and complex cyber threats that put large segments of our national and global interests at risk. The speed of the Internet dictates that we drastically reduce the time it takes to react to and act on cyber threats.

Without rapid communication of cyber threat intelligence, organizations cannot achieve the situational awareness necessary to defend against emerging or imminent threats.

The Solution: CFM

The Cyber Fed Model (CFM) is a community-based system which gives large distributed organizations the speed and agility they need to proactively defend against cyber threats through the near real-time dissemination of highly relevant and actionable cyber threat intelligence.

CFM offers a new approach to machine-to-machine information sharing: a uniquely customizable, payload-agnostic communications framework that enables coordinated global defense through collective intelligence gathering and tactical information sharing. This decreases the costs of cyber defense and increases the costs to attackers.

US Government Analysis Center Chart


CFM is a cost-effective operational tool well-suited for automatic, 24/7 protection. It is an effective complement to deeper analytics activities performed by an organization’s security analysis and incident response center. When an attack is detected, information can be rapidly disseminated using CFM.

CFM’s straightforward functionality:

  • Uses web-based communication, which simplifies participation
  • Is payload agnostic, supporting c and more
  • Supports the transport of alerts, analysts’ reports, detection rules, and more
  • Can be integrated with a participant’s existing infrastructure
  • Operates in near real time, enabling rapid response to threats
  • Responds automatically, using machine-to-machine communication well-suited to the volume and velocity of internet threats
  • Employs high-availability, geographically-distributed servers
  • Carries permissions forward explicitly, ensuring trust between participants
  • Is scalable, making it easy to add participants


CFM increases perimeter protection for individual participants and the community as a whole, since it:

  • Distributes data automatically and in a timely fashion
  • Encourages community-based sharing and whitelists to prevent blocking of trusted entities
  • Gives participants control of their data: how much is shared and how it is used by others

Future Capabilities

CFM is currently developing further features and enhancements, such as:

  • Tools for local detection capabilities to improve site-to-site correlation and confidence
  • Streaming distribution mode
  • Interchangeable exchange formats (between STIX profiles, OpenIOC, IODEF, etc.)
  • Increased data “enrichment” through open source and partner relationships
  • Data confidence, relevancy, and threat ratings
  • Incorporation of more open source threat intelligence
  • Continued participant growth from DOE, U.S. government, energy sector, and oil & natural gas asset owners

Getting Involved

As an information-sharing system, CFM relies on your involvement to strengthen its community of proactive defenders. CFM is actively being used by participants and groups in the U.S. Department of Energy (DOE), U.S. government, and energy sectors.

Please see Get Involved to learn more about how you can contribute to CFM.