Why the Networx transition is a security imperative

David Hughes is managing partner and co-founder of TurningPoint Global Solutions.

Agencies that are behind in transitioning their telecommunications services to the Networx contract could be costing themselves more than they realize.

Experts say the transition from FTS 2001 to Networx is inherently complex, partially because the new telecom program offers so many more features. But one of the critical features is a set of security offerings that agencies cannot afford to do without.

Since FTS 2001 established the basic framework for telecom services across the government, a transformation has occurred in technology and cyber threats. The Government Accountability Office recently reported that almost all 24 major federal agencies had weaknesses in information security controls.

Even a minor loss of data could be costly. In April, the American National Standards Institute released a report on the financial management of cyber risk in which it estimated the cost of an average data breach of 10,000 records as $1.5 million, or $150 per record. For a government entrusted with the records of 300 million Americans, the potential cost of a data breach is in the tens of billions of dollars.

To combat that threat, industry has developed new technologies, and government has enacted new policies. However, some of those technologies are available only through Networx. One such program is the Trusted Internet Connections initiative.

Begun in November 2007 — concurrent with the Networx transition — the initiative has a simple task: reduce vulnerability by reducing the number of Internet gateways to federal systems. Since then, agencies have reduced their external connections by nearly 50 percent. However, according to the latest GAO report, none of the major agencies and departments has met all the requirements of the TIC initiative. Acquiring telecom connectivity via Networx is one of the six major milestones of the program.

The security imperative is not lost on members of the Senate Homeland Security and Governmental Affairs Committee. In March, Sens. Joe Lieberman (I-Conn.) and ranking member Susan Collins (R-Maine) wrote an open letter to Attorney General Eric Holder expressing their concern about the delay in the Networx transition. It “is of particular concern given the security of federal networks and the opportunities to use new technologies to assist agencies in strengthening their cyber defenses,” they wrote.

Much of the delay in gaining connectivity via Networx is because most agencies don’t have a clear idea of what kind of network connections they have. Beginning in 2007, a snapshot inventory was taken of every telecom connection — known as the Transition Baseline Inventory. However, each time the inventory grows, the snapshot is invalidated, making the transition even harder. In fact, since 2007, the inventory has grown by more than 25 percent.

As agencies fall behind in tracking their telecom assets, they slow the transition to more secure technologies and critical programs, such as TIC. They also underscore the troubling reality that they don’t really know what communications systems they have. If you don’t know what you have, how can you know what your vulnerabilities are?

What we do know is that the threat to our networks is real — and it isn’t waiting for the transition. We know how to mitigate the threat: get a handle on the growing network inventory, complete the transition to Networx and meet the milestones of the TIC initiative. All we need now is for agencies to recognize the pressing security imperative of the Networx transition.