The U.S. government is shifting its strategy for defending federal networks against a rising tide of hacking attacks launched by foreign governments and criminals.
Instead of focusing on consolidating external Internet connections that civilian agencies operate -- which number in the thousands -- the Office of Management and Budget is directing agencies to deploy a standard set of security tools and processes on all of their Internet connections.
The shift represents a new direction for the federal Trusted Internet Connections (TIC) Initiative, which was launched by the Bush administration in November 2007.
The Bush administration's original goal was to reduce the number of external Internet connections operated by civilian agencies from more than 8,000 down to 50. Standard security software -- including antivirus, firewall, intrusion detection and traffic monitoring -- was to be deployed on the remaining connections.
The Obama administration has changed the emphasis of the TIC Initiative, focusing more on security controls than on network consolidation.
"Despite the whole TIC Initiative, there are probably as many points of Internet connection as there used to be," says Diana Gowen, senior vice president of Qwest Government Services. "The new administration is less concerned with the number, and more concerned about getting them protected."
Gowen pointed out that the Defense Department has an ongoing procurement to purchase more than 4,000 Internet connections worldwide. "So clearly the focus isn't on consolidation," she adds.
Bill White, vice president of federal sales at Sprint, says he believes the TIC Initiative will eventually result in consolidation of federal networks, although not down to 50 Internet connection points.
"Out of the gate, we thought there would be significant consolidation," White admits. "At the end of the day, I think there still will be. But I think the agencies are becoming more realistic and flexible about consolidation."
Federal agencies are under the gun to meet the requirements of the TIC Initiative in 2010, as well as to receive the benefits of the Department of Homeland Security's companion Einstein software, which provides another layer of cyberdefense. (See "Einstein 2: U.S. government's 'enlightening' new cybersecurity weapon".)
The TIC Initiative was conceived to reduce the number of external Internet access points operated by civilian agencies, establish baseline security practices for the remaining access points, and migrate agency traffic to flow through the approved access points.
"What we've done is not really change what the goals are, but simply reorder them," explains Sean Donelan, program manager of network and infrastructure security at the Department of Homeland Security (DHS). "We talk about establishing the baseline security practices first for all the approved TIC access points…Then all of the agency connectivity will come through these access points."
Donelan admits that there's less focus on network consolidation these days, and more discussion of security practices.
"We're trying to move away from trying to focus on the number of connections," Donelan says. "The consolidation piece is still a goal; it's still a part of the program. But it is not being done to simply eliminate connections."
Donelan expects to have more than half of civilian agency network traffic flowing through TIC-compliant access points by the end of 2010.
"We're still working with the agencies to come up with a date at which 70%, 80% or 90% of the traffic goes through TICs," Donelan says, adding that the migration process could take three to five years. "Sometimes, there are big legacy applications that may have to be changed."
Donelan says the number of external Internet connections operated by the federal government is less important than having secure access points.
"Rather than focusing on a single number, we're focusing on the mission of securing federal networks," Donelan says. "Even if we got down to 50 or 100 external Internet connections, the number would probably go up or down over the course of the year as agency missions change."
One aspect of the TIC Initiative that hasn't changed under the Obama administration is that the program is still focused on deploying network security services consistently across civilian agencies.
Most civilian agencies already have antivirus and other security software mandated by the TIC Initiative. But the TIC Initiative requires that these services be deployed uniformly, with synchronized time stamps and standard logging procedures.
The TIC Initiative also will provide a common feed of information about cyberattacks to the U.S. Computer Emergency Readiness Team (US-CERT).
"Another big benefit of the TIC Initiative is that it will give a consistent view to the folks in government that are worried about [cybersecurity]," says Jeff Mohan, Networx program director for AT&T Government Solutions. "US-CERT will get the same type of feed from every agency and telecom provider. One of the things they have done is make the interface and the information being transferred very specific and very consistent."
The TIC Initiative won't detect or eliminate all hacking attempts; for example, it doesn't prevent distributed denial-of-service attacks. But the extra layers of network security services it provides and the consistent way they are being applied should help agencies block e-mail-based attacks such as viruses, worms and malware.
"This is a better mousetrap," White says of the TIC Initiative. "I think it will provide a higher level of assurance that we can keep the bad guys out. And to the extent there is an incident, I think we'll be in a better position to react with the agency and the US-CERT to limit the risk."
Donelan says the bottom line benefit of the TIC Initiative is governmentwide situational awareness.
"No single agency can do everything themselves, especially when we're dealing with this kind of threat environment," Donelan says. "Even the most sophisticated agencies, there are sometimes [attack patterns] they can't see."