Networx key to security initiative

Many agencies will rely on the governmentwide Networx telecommunications and network contract to put into service a reduced number of external Internet connections, according to the Office of Management and Budget. Under the Trusted Internet Connections (TIC) initiative, agencies are in the process of decreasing the number of Internet gateways to fewer than 100 governmentwide. Agencies must have the TICs operational by the latter part of 2009, said Karen Evans, OMB’s administrator for e-government and information technology. The number of connections now stands at 79 but could change as some agencies provide more information and vendors establish TIC services, she said, discussing a July 10 status report.“A lot of this is tied as agencies migrate from their current telecommunications service to Networx,” Evans said. Agencies’ statements of work are due at the General Services Administration by Sept. 30.Evans expects that in November the vendors who meet the technical requirements that GSA developed will have their Networx contract modified to add TIC services.When fully implemented, the TIC effort should improve the federal government’s information security environment by making it easier to monitor data traffic entering and exiting agencies’ connections, OMB said. To assess agencies’ TIC progress, OMB included associated capabilities that are being added at the same time, such as contingency planning, compliance with Homeland Security Presidential Directive 12 and two-factor authentication, and the logging and verifying of sensitive data, Evans said.Alan Paller, research director at the SANS Institute, said he expects the next administration to place the same — or greater — emphasis on TIC and other security initiatives that the current administration does.“There’s no partisanship in it. It’s clearly in the national interest,” Paller said. “No one will let up on the agencies because it matters.”Last year, a fundamental shift occurred in the administration’s view of security vulnerabilities when senior agency leaders were informed of the vulnerable state of federal networks during classified briefings. TIC was one of the efforts to re-engineer the security of federal networks, Paller said.  “I think TIC and more will be pushed,” he said. “It will not be hard for the next administration to go in with a baseball bat.”