OMB to reduce federal gateways

IN AN AMBITIOUS PLAN TO reduce federal networks' exposure to hackers, the Office of Management and Budget wants to cut to 50 the total number of external connectivity points ' including Internet connections ' for all federal agencies.

OMB's new initiative, called Trusted Internet Connections, requires agencies to develop a plan of action by Jan. 8 for reducing the number of connection points they maintain to the Internet. Agencies must consolidate the number of external gateways to a handful each, perhaps by setting up shared-service centers with other agencies. A gateway, or Internet point of presence, is a physical location with servers, routers and switches through which a network connects to the Internet.

The consolidation must be complete by June. The Homeland Security Department's National Cyber Security Division will oversee the initiative.

A Nov. 20 memo from OMB Deputy Director for Management Clay Johnson introduced TIC. A governmentwide meeting in Washington followed Nov. 30, at which Karen Evans, OMB's administrator for e-government and information technology, detailed the plans.

Today, agencies have more than 1,000 external connections to the Internet not counting those maintained by contractors, Evans said at the meeting, according to a government official who attended but did not wish to be identified. Each point of presence will be monitored by multiple security applications and appliances, such as the U.S. Computer Emergency Readiness Team's Einstein Monitoring Program. OMB wants agencies to strongly consider using GSA's Networx telecommunications contract to comply with TIC.

'This is an essential step because Federal Information Security Management Act-based defenses have failed to stop the attackers,' said Alan Paller, director of research at the SANS Institute.

'Once they are inside, only very sophisticated monitoring can hope to find the infections.'

Richard Burk, OMB's former chief architect and now a consultant, said reducing the number of Internet connections shouldn't be too difficult: The Defense Department and DHS have already made the move.

'I've been told that if the Pentagon can reduce the .mil domain to 18 connections and DHS can get down to two connections, it seems reasonable for the rest of government to consolidate,' Burk said. 'If that is the case, such consolidation would optimize the use of USCERT and the investment of $115 million into it. Internet connections are a commodity item which should be treated as a service and purchased as such.'

He added that agencies don't have enough trained staff to properly maintain the connections.

'There is no way each agency can operate its own at an adequate level.'

In any case, some experts say, complying with this plan will be a big job. The first step is to identify all the current external gateways, a task that by itself could be formidable. An agency's enterprise architecture will be crucial to consolidating the gateways, said Tony D'Agata, Sprint's vice president of federal government. The agencies must then work with their network providers and fellow agencies to re-engineer connections to meet the new architecture.

Industry observers have noted that some aspects of the plan will have to be developed along the way. One task is to design the networks so that they still offer connectivity during node outages.

When a portal for one region goes down, all agencies in that area using the portal will be without connectivity ' unless some sort of secondary connectivity is available.

Need to share

Roger Baker, former chief information officer at the Commerce Department and now chief executive officer at Dataline, said having a limited number of Internet connections will mean that agencies must become shared-service providers for field offices, which will add new levels of complexity.

For instance, if the agency in charge of one portal has a policy to cut off all external access when a breach occurs, will the connectivity for other agencies it supports at that location also be shut off? 'It will be hard for agencies to agree on a standard security policy for connections,' Baker said.

Nonetheless, OMB appears to be quite serious in moving this initiative forward.

'OMB sees this as a minimally disruptive initiative that has a huge ROI and is not interested in hearing excuses,' the government source said.

Joab Jackson contributed to this story.

NEXT STORY: Technicalities

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.