COMMENTARY

Why the Networx transition is a security imperative

The cyber threat has evolved radically since FTS 2001 established a basic framework for telecom services

David Hughes is managing partner and co-founder of TurningPoint Global Solutions.

Agencies that are behind in transitioning their telecommunications services to the Networx contract could be costing themselves more than they realize.

Experts say the transition from FTS 2001 to Networx is inherently complex, partially because the new telecom program offers so many more features. But one of the critical features is a set of security offerings that agencies cannot afford to do without.

Since FTS 2001 established the basic framework for telecom services across the government, a transformation has occurred in technology and cyber threats. The Government Accountability Office recently reported that almost all 24 major federal agencies had weaknesses in information security controls.

Even a minor loss of data could be costly. In April, the American National Standards Institute released a report on the financial management of cyber risk in which it estimated the cost of an average data breach of 10,000 records as $1.5 million, or $150 per record. For a government entrusted with the records of 300 million Americans, the potential cost of a data breach is in the tens of billions of dollars.

To combat that threat, industry has developed new technologies, and government has enacted new policies. However, some of those technologies are available only through Networx. One such program is the Trusted Internet Connections initiative.

Begun in November 2007 — concurrent with the Networx transition — the initiative has a simple task: reduce vulnerability by reducing the number of Internet gateways to federal systems. Since then, agencies have reduced their external connections by nearly 50 percent. However, according to the latest GAO report, none of the major agencies and departments has met all the requirements of the TIC initiative. Acquiring telecom connectivity via Networx is one of the six major milestones of the program.

The security imperative is not lost on members of the Senate Homeland Security and Governmental Affairs Committee. In March, Sens. Joe Lieberman (I-Conn.) and ranking member Susan Collins (R-Maine) wrote an open letter to Attorney General Eric Holder expressing their concern about the delay in the Networx transition. It “is of particular concern given the security of federal networks and the opportunities to use new technologies to assist agencies in strengthening their cyber defenses,” they wrote.

Much of the delay in gaining connectivity via Networx is because most agencies don’t have a clear idea of what kind of network connections they have. Beginning in 2007, a snapshot inventory was taken of every telecom connection — known as the Transition Baseline Inventory. However, each time the inventory grows, the snapshot is invalidated, making the transition even harder. In fact, since 2007, the inventory has grown by more than 25 percent.

As agencies fall behind in tracking their telecom assets, they slow the transition to more secure technologies and critical programs, such as TIC. They also underscore the troubling reality that they don’t really know what communications systems they have. If you don’t know what you have, how can you know what your vulnerabilities are?

What we do know is that the threat to our networks is real — and it isn’t waiting for the transition. We know how to mitigate the threat: get a handle on the growing network inventory, complete the transition to Networx and meet the milestones of the TIC initiative. All we need now is for agencies to recognize the pressing security imperative of the Networx transition.

 

The Fed 100

Save the date for 28th annual Federal 100 Awards Gala.

Featured

  • computer network

    How Einstein changes the way government does business

    The Department of Commerce is revising its confidentiality agreement for statistical data survey respondents to reflect the fact that the Department of Homeland Security could see some of that data if it is captured by the Einstein system.

  • Defense Secretary Jim Mattis. Army photo by Monica King. Jan. 26, 2017.

    Mattis mulls consolidation in IT, cyber

    In a Feb. 17 memo, Defense Secretary Jim Mattis told senior leadership to establish teams to look for duplication across the armed services in business operations, including in IT and cybersecurity.

  • Image from Shutterstock.com

    DHS vague on rules for election aid, say states

    State election officials had more questions than answers after a Department of Homeland Security presentation on the designation of election systems as critical U.S. infrastructure.

  • Org Chart Stock Art - Shutterstock

    How the hiring freeze targets millennials

    The government desperately needs younger talent to replace an aging workforce, and experts say that a freeze on hiring doesn't help.

  • Shutterstock image: healthcare digital interface.

    VA moves ahead with homegrown scheduling IT

    The Department of Veterans Affairs will test an internally developed scheduling module at primary care sites nationwide to see if it's ready to service the entire agency.

  • Shutterstock images (honglouwawa & 0beron): Bitcoin image overlay replaced with a dollar sign on a hardware circuit.

    MGT Act poised for a comeback

    After missing in the last Congress, drafters of a bill to encourage cloud adoption are looking for a new plan.

Reader comments

Thu, Aug 19, 2010 Janice Taylor-Gaines Alexandria, VA

This is a GREAT article, despite the dismay of breaches and data insecurities, in that it keeps one of my pet concerns front and center: Security. Everyone needs to be a mini-Security Officer today. Most individuals and organizations enjoy Security largely as a matter of luck. For some free insight check out the blog, “The Business-Technology Weave” – you can Google to it. Anyone else here reading I.T. WARS? I had to read parts of this book as part of my employee orientation at a new job. The book talks about a whole new culture as being necessary – an eCulture – for a true understanding of security, being that most identity/data breaches are due to simple human errors. Keep “security” front and center! Great stuff.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group