Agencies hit security mark

The June 30 deadline is approaching for Trusted Internet Connections (TIC) and the Federal Desktop Core Configuration (FDCC) has arrived, and now agencies are preparing to move past the starting line.

Under TIC, agencies consolidated and reduced the number of external connections to the Internet and began to monitor the traffic passing through the remaining nodes, said Mike Smith, program manager of the Information System Security Line of Business at the Homeland Security Department’s National Cyber Security Directorate.

Agencies now await decisions by the Office of Management and Budget on plans they submitted for further gateway reductions. The plans also include agencies’ assessments of whether they can do that work themselves or need another agency or a contractor to provide the services. OMB’s target is to have only 100 Internet connections governmentwide. OMB’s preliminary estimates indicate that the agencies’ plans would reduce the number to 235, Smith said. There were more than 4,300 gateways before TIC.

“We’re actively in the process of developing implementation plans regardless of who is designated as what. We still have to go through this process of understanding how we’re going to implement TIC,” Smith said at a June 25 cybersecurity conference sponsored by the Digital Government Institute.

Tom Kellermann, vice president of security awareness at Core Security Technologies, said TIC and other OMB initiatives are tremendous leaps forward toward a defense-in-depth strategy, but TIC access providers should undergo regular penetration testing to identify weak points. 

“Closing ports to limit access and to increase intrusion detection is significant, but the access providers still provide a weak link in the chain of security, and their security assurance should be regularly vetted,” he said.

The National Institute of Standards and Technology has released updated security settings for agencies to adopt when they update PCs to Windows XP and Vista operating systems under FDCC. NIST made the changes in the settings in response to public comments and analysis of agency reports on their experiences implementing the settings. The settings provide a standard desktop view so agencies can make security improvements, such as virus patches, faster and more effectively.

About the Author

Mary Mosquera is a reporter for Federal Computer Week.

Featured

  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.