OMB to limit number of Internet connections for agencies

The Office of Management and Budget wants to reduce the number of Internet connections across government to 50 by June. Under a new Trusted Internet Connections initiative, which OMB will kick off with a governmentwide meeting Nov. 30, agencies will have to develop a plan of action and milestones by Jan. 8 on how they will reduce the number of Internet connections. Clay Johnson, OMB’s deputy director for management, announced the new program Nov. 20 in a memo to agency leaders. He wrote that the Trusted Internet Connections initiative will “optimize our individual network services into a common solution for the federal government.” Johnson said with the progress made under the Security Line of Business initiative, the General Services Administration’s award of the Networx telecommunications contract and the Federal Desktop Core Configuration implementation project, agencies have a unique opportunity to improve their network delivery capabilities. The memo also will require agencies to use the Homeland Security Department’s U.S. Computer Emergency Response Team Einstein program to improve their response capabilities. The White House requested an additional $115 million Nov. 6 to expand the Einstein program under the DHS fiscal 2007 appropriations bill. “This is an essential step because the Federal Information Security Management Act-based defenses have failed to stop the attackers from getting inside agencies,” said Alan Paller, director of research at the SANS Institute. “Once they are inside, only very sophisticated monitoring can hope to find the infections.”Warren Suss, president at Suss Consulting, said he is not sure if the new initiative is what agencies need right now. “OMB must be careful with the new initiative to avoid layering yet one more mandate on agencies who are working hard to address a very real security threat,” Suss said. “Centralization is not necessarily the answer because agencies have needs for redundancy for the Internet and can have unique requirements. To limit the number of Internet connections to a target of 50 could be an overreaction to the cybersecurity problem and it has potential to create more problems than it solves.” He added that agencies have network design and architecture challenges that could be limited under this program. Agencies already are trying to meet the June deadline to implement IPv6 on their networks’ backbone. OMB officials also have touted IPv6 has a way to improve agencies' defenses against cyberattacks. “Agencies at some point need to take responsibility for security and the management of their technology,” Suss said. “There are very serious threats out there and I don’t mean to minimize them, but forcing yet another constraint on the solution may do more harm than good.”