COMMENTARY

Why the Networx transition is a security imperative

The cyber threat has evolved radically since FTS 2001 established a basic framework for telecom services

David Hughes is managing partner and co-founder of TurningPoint Global Solutions.

Agencies that are behind in transitioning their telecommunications services to the Networx contract could be costing themselves more than they realize.

Experts say the transition from FTS 2001 to Networx is inherently complex, partially because the new telecom program offers so many more features. But one of the critical features is a set of security offerings that agencies cannot afford to do without.

Since FTS 2001 established the basic framework for telecom services across the government, a transformation has occurred in technology and cyber threats. The Government Accountability Office recently reported that almost all 24 major federal agencies had weaknesses in information security controls.

Even a minor loss of data could be costly. In April, the American National Standards Institute released a report on the financial management of cyber risk in which it estimated the cost of an average data breach of 10,000 records as $1.5 million, or $150 per record. For a government entrusted with the records of 300 million Americans, the potential cost of a data breach is in the tens of billions of dollars.

To combat that threat, industry has developed new technologies, and government has enacted new policies. However, some of those technologies are available only through Networx. One such program is the Trusted Internet Connections initiative.

Begun in November 2007 — concurrent with the Networx transition — the initiative has a simple task: reduce vulnerability by reducing the number of Internet gateways to federal systems. Since then, agencies have reduced their external connections by nearly 50 percent. However, according to the latest GAO report, none of the major agencies and departments has met all the requirements of the TIC initiative. Acquiring telecom connectivity via Networx is one of the six major milestones of the program.

The security imperative is not lost on members of the Senate Homeland Security and Governmental Affairs Committee. In March, Sens. Joe Lieberman (I-Conn.) and ranking member Susan Collins (R-Maine) wrote an open letter to Attorney General Eric Holder expressing their concern about the delay in the Networx transition. It “is of particular concern given the security of federal networks and the opportunities to use new technologies to assist agencies in strengthening their cyber defenses,” they wrote.

Much of the delay in gaining connectivity via Networx is because most agencies don’t have a clear idea of what kind of network connections they have. Beginning in 2007, a snapshot inventory was taken of every telecom connection — known as the Transition Baseline Inventory. However, each time the inventory grows, the snapshot is invalidated, making the transition even harder. In fact, since 2007, the inventory has grown by more than 25 percent.

As agencies fall behind in tracking their telecom assets, they slow the transition to more secure technologies and critical programs, such as TIC. They also underscore the troubling reality that they don’t really know what communications systems they have. If you don’t know what you have, how can you know what your vulnerabilities are?

What we do know is that the threat to our networks is real — and it isn’t waiting for the transition. We know how to mitigate the threat: get a handle on the growing network inventory, complete the transition to Networx and meet the milestones of the TIC initiative. All we need now is for agencies to recognize the pressing security imperative of the Networx transition.

 

2014 Rising Star Awards

Help us find the next generation of leaders in federal IT.

Reader comments

Thu, Aug 19, 2010 Janice Taylor-Gaines Alexandria, VA

This is a GREAT article, despite the dismay of breaches and data insecurities, in that it keeps one of my pet concerns front and center: Security. Everyone needs to be a mini-Security Officer today. Most individuals and organizations enjoy Security largely as a matter of luck. For some free insight check out the blog, “The Business-Technology Weave” – you can Google to it. Anyone else here reading I.T. WARS? I had to read parts of this book as part of my employee orientation at a new job. The book talks about a whole new culture as being necessary – an eCulture – for a true understanding of security, being that most identity/data breaches are due to simple human errors. Keep “security” front and center! Great stuff.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above