The largest U.S. carriers -- including AT&T, Qwest and Sprint -- are deploying special-purpose, intrusion-detection systems dubbed Einstein boxes in their networks as part of an 18-month-old effort to tighten security on federal networks.
Developed by the Department of Homeland Security (DHS), the Einstein software provides real-time monitoring and analysis of Internet traffic flowing in and out of federal agency networks. Einstein is an early warning system designed to detect worms and other malicious code entering federal networks. Einstein 3.0 is under development by the U.S. Computer Emergency Readiness Team.
Carriers are deploying Einstein systems as part of the federal Trusted Internet Connections Initiative, which aims to reduce the number of Internet access points operated by federal agencies and to protect the remaining Internet access points with a standard suite of managed security services.
Only U.S. federal government Internet traffic -- not commercial or personal Internet traffic -- will pass through the Einstein systems for inspection, carriers say.
The U.S. General Services Administration has awarded contracts to three carriers that involve deploying Einstein systems. In April, GSA awarded contracts to Qwest and Sprint to provide what it calls Managed Trusted Internet Protocol Services, (MTIPS). AT&T won a similar contract last December.
Verizon Business and Level 3 Communications say they expect to receive MTIPS contracts from GSA soon. GSA is awarding the MTIPS contracts through its massive Networx program, a 10-year, $20 billion federal telecom deal held by these carriers.
To meet the U.S. government's cybersecurity requirements, Qwest says it is using its MPLS transport infrastructure to move federal network traffic into special CyberCenters, where the traffic will pass through secure, redundant gateways including Einstein systems. In these CyberCenters, Qwest will apply managed security services including firewall policy enforcement, IDS, antivirus, antispam and e-mail scanning.
"The whole MTIPS initiative is about taking our civilian agencies and getting them up to the level of the intelligence community and the Defense Department" in terms of cybersecurity, says Diana Gowen, senior vice president and general manager of Qwest Government Services.
Gowen says Qwest is building out secure enclaves in its network and deploying Einstein and other security gateways.
"We should have most of what we need to do from a hardware and equipment perspective racked, stacked and tested by July," Gowen says, adding that the U.S. government will then certify and accredit the carrier's MTIPS services. "Our plan is to be done by the end of the third quarter, and then we can provide services to the government in…October."
Qwest has a handful of customers including several Treasury Department agencies already signed up for its MTIPS services.
Jeff Mohan, executive director of AT&T's Networx Program Office, says AT&T has received multiple orders for MTIPS services. AT&T hopes to have its MTIPS solution certified in August.
"MTIPS is a sweet spot for us," Mohan says. "It takes advantage of capabilities that we have developed in the security arena for large, multinational corporations. We're pretty excited about it."
Carriers like AT&T and Qwest are gearing up for a significant amount of business from their MTIPS contracts because of how the federal TIC initiative has evolved in recent months.
The Office of Management and Budget (OMB) originally hoped to reduce the number of federal Internet access points from 8,000 to less than 100, but agency staff backed off when they realized this goal was too aggressive. Carriers also complained that the original plan would put large federal agencies in the position of operating as ISPs for smaller agencies, thereby competing against them to provide managed security services to the federal market.
Now OMB is going to allow only a handful of the largest federal agencies to operate their own secure Internet access points, while the rest of the civilian agencies are expected to buy MTIPS services from the carriers.
Level 3 is negotiating with GSA to offer MTIPS services, but spokesman Skip Thurman says he'd like to see more information from OMB about how the TIC initiative will change under the Obama Administration.
"Last year, a number of agencies were approved by OMB to self provide a TIC compliant solution," Thurman says. "This information has not been generally released, so it is unclear for Networx vendors what services should be discussed with what agencies."
Bill White, vice president of federal programs at Sprint, says he expects to have MTIPS services available to federal agencies within 120 days.
"We're going through the internal processes of building the solution and working with the GSA and the DHS and an outside party to get our MTIPS solution environment certified and accredited," White says.
White says it will be less expensive for federal agencies to buy bundled MTIPS services from a carrier than to build comparable cybersecurity capabilities.
"We will charge a small premium over a standard dedicated circuit because of the extra security services. But given all that you get, it's a great deal," White says. "Agencies are crazy not to buy the bundle."
Gowen says the next push for MTIPS providers like Qwest will be getting critical U.S. industries such as defense contractors, electric utilities and water companies to buy similar Internet security services.
"If you think about the power grids being attacked, this kind of service is applicable to them," Gowen says. "All of us have great potential to build a good commercial base using the capabilities that we're developing for the federal government….Having trusted enclaves makes sense, and there's a huge need for it."