Deadline looms to re-engineer networks
- By John Rendleman
- Apr 07, 2008
More than 100 agencies in the federal government will be under intense pressure in the next three months to re-engineer their networks in time to meet the June 30 deadline for implementing the Office of Management and Budget's Trusted Internet Connection (TIC) initiative.
OMB launched TIC in November 2007 with a memo spelling out the initiative's objectives, which include reducing the number of connections between federal agencies' networks and the Internet from approximately 4,000 to a total of 50. OMB expects the reduction to improve network security by limiting the exposure of the government's infrastructure to outside threats and simplifying the task of monitoring traffic entering and exiting the government's network.
The TIC initiative will create a perimeter network or demilitarized zone between the government's internal networks and the Internet; the sharp reduction of interconnection points should enable the government to monitor traffic more efficiently because it can filter data traveling to and from the Internet using a smaller number of security appliances.
The OMB proposal calls on the Homeland Security Department to enforce network security, primarily through the installation and operation by its U.S. Computer Emergency Response Team (US-CERT) of Einstein packet-filtering devices to keep outside threats from entering and block sensitive government information from leaving.
Most security experts said the short timetable for implementing TIC and the few flaws they could find in the initiative are more than offset by the overall effectiveness of its approach, as well as the urgent need to strengthen the security of the federal government's data infrastructure, which many view as long overdue.
'We should have done this five years ago, but there wasn't the heart or the will then like there is now,' said Howard Schmidt, a former cybersecurity adviser to the White House. 'The timetable is aggressive but on the same token there is a sense of urgency' now that there's momentum behind the plan.
'The concept is very sound,' Schmidt said. 'You can easily monitor what's going on, you can react more quickly and you have greater visibility of threats. If done correctly, this can achieve a lot.'
Smaller agencies that won't qualify for their own connections to the Internet will in effect have to subcontract their connections to a larger agency, which will improve their network security while at the same time creating greater efficiencies overall, which should cut the federal government's total cost for its data network, Schmidt added.
OMB timed the deadline for agencies to complete their migration to TIC to coincide with the federal government's other major initiatives to strengthen the security of its computer systems and data networks, so that agencies could work on all of the initiatives simultaneously, said Karen Evans, administrator for e-government and information technology at OMB.
'We're trying to make sure that everything is raised to the same level, and we've picked these dates because all the efforts align,' Evans said. OMB initially estimated that the federal government had 1,000 connections to the Internet, but the latest counts it received from agencies put the number at 4,000, Evans said. The target of 50 connections, while ambitious, was well thought out, Evans said. 'We set the target at 50 because 4,000 is too many,' and while some agencies may believe that the goal of 50 and the June 30 deadline are unrealistic, 'there's no technical reason this can't be done.'