Letter to the editor
The GovNet request for information specifically states that there will be
no interconnections or gateways to the Internet or other public or private
networks and that GovNet will provide private intranet data connectivity
within the contiguous 48 United States ["Clarke seeks immune intranet," FCW.com, Oct. 11].

The intent of this restriction was to ensure that GovNet would not be susceptible
to traditional risks associated with Internet-based connectivity. The obvious
purpose of network-based technologies is to provide interconnectivity between
two or more hosts for the purpose of information transfer. With that said,
the fundamental problem is that many of the critical unclassified applications
that the government depends on will reside outside of the purview of GovNet
and traditional government organizations.

The first instinct during a time of crisis is to build walls. This instinct
may be appropriate, depending on how critical the information resources
are. However, this isolationist approach for sensitive but unclassified
data will ultimately only inhibit the federal government from partnering
with industry in support of mission-critical functions. Additionally, migration
of mission-critical applications and business processes from the "as is"
to the "to be" computing environment will take significant time.

By leveraging a "defense in depth" strategy and draconian control mechanisms,
GovNet may provide for stringent access controls between community-of-interest
domain interconnections (e.g., the Internet, Secret Internet Protocol Router
Network). These access controls can be similar to those imposed between
the SIPRNET and the Non-Classified Internet Protocol Router Network within
the Defense Department. This type of interconnectivity may represent an
acceptable risk proposition that results in significant return on capability.

In this manner, GovNet becomes the eventual foundation that federal
government organizations build on for their traditional daily information
technology services. The centrally controlled GovNet allows federal agencies
that possess mature, security-centric business processes and culture to
migrate faster to the "to be" environment while maintaining their ability
to interact with other agencies that are taking longer to effect meaningful

Interconnectivity between GovNet and the Internet can be limited and
tightly controlled by network operation security centers. Specific limitations
can be placed on the ports and protocols that traverse the Internet gateways.
Standard policies could block items such as mobile code and e-mail attachments.
The specific policies and level of acceptable risk would be identified by
the security division of the Office of Homeland Security.

This approach also supports the creation of a secure electronic commerce
environment through the establishment of a GovNet demilitarized zone. This
DMZ could facilitate various portal-based technologies designed to support
secure interaction between the federal government and those entities that
officials wish to conduct business with on the Internet. Once again, these
gateways are tightly controlled and provide only specific security-centric
access to GovNet from the untrusted network domains.