[Infowarrior] - U.S. Internet security plan revamped

Richard Forno rforno at infowarrior.org
Mon Feb 15 15:35:37 UTC 2010


http://www.networkworld.com/news/2010/021110-cybersecurity-defense-revamped.html

U.S. Internet security plan revamped
Consolidation of Internet connections loses favor under Obama  
administration; standard security tools deployed
By Carolyn Duffy Marsan, Network World
February 11, 2010 08:01 AM ET

The U.S. government is shifting its strategy for defending federal  
networks against a rising tide of hacking attacks launched by foreign  
governments and criminals.
Instead of focusing on consolidating external Internet connections  
that civilian agencies operate -- which number in the thousands -- the  
Office of Management and Budget is directing agencies to deploy a  
standard set of security tools and processes on all of their Internet  
connections.

The shift represents a new direction for the federal Trusted Internet  
Connections (TIC) Initiative, which was launched by the Bush  
administration in November 2007.

The Bush administration's original goal was to reduce the number of  
external Internet connections operated by civilian agencies from more  
than 8,000 down to 50. Standard security software -- including  
antivirus, firewall, intrusion detection and traffic monitoring -- was  
to be deployed on the remaining connections.

The Obama administration has changed the emphasis of the TIC  
Initiative, focusing more on security controls than on network  
consolidation.

"Despite the whole TIC Initiative, there are probably as many points  
of Internet connection as there used to be," says Diana Gowen, senior  
vice president of Qwest Government Services. "The new administration  
is less concerned with the number, and more concerned about getting  
them protected."

Gowen pointed out that the Defense Department has an ongoing  
procurement to purchase more than 4,000 Internet connections  
worldwide. "So clearly the focus isn't on consolidation," she adds.

Bill White, vice president of federal sales at Sprint, says he  
believes the TIC Initiative will eventually result in consolidation of  
federal networks, although not down to 50 Internet connection points.

"Out of the gate, we thought there would be significant  
consolidation," White admits. "At the end of the day, I think there  
still will be. But I think the agencies are becoming more realistic  
and flexible about consolidation."

Federal agencies are under the gun to meet the requirements of the TIC  
Initiative in 2010, as well as to receive the benefits of the  
Department of Homeland Security's companion Einstein software, which  
provides another layer of cyberdefense. (See "Einstein 2: U.S.  
government's 'enlightening' new cybersecurity weapon".)

Reordering priorities
The TIC Initiative was conceived to reduce the number of external  
Internet access points operated by civilian agencies, establish  
baseline security practices for the remaining access points, and  
migrate agency traffic to flow through the approved access points.

"What we've done is not really change what the goals are, but simply  
reorder them," explains Sean Donelan, program manager of network and  
infrastructure security at the Department of Homeland Security (DHS).  
"We talk about establishing the baseline security practices first for  
all the approved TIC access points… Then all of the agency connectivity
will come through these access points."

Donelan admits that there's less focus on network consolidation these  
days, and more discussion of security practices.

"We're trying to move away from trying to focus on the number of  
connections," Donelan says. "The consolidation piece is still a goal;  
it's still a part of the program. But it is not being done to simply  
eliminate connections."

Donelan expects to have more than half of civilian agency network  
traffic flowing through TIC-compliant access points by the end of 2010.

"We're still working with the agencies to come up with a date at which  
70%, 80% or 90% of the traffic goes through TICs," Donelan says,  
adding that the migration process could take three to five years.  
"Sometimes, there are big legacy applications that may have to be  
changed."

Donelan says the number of external Internet connections operated by  
the federal government is less important than having secure access  
points.

"Rather than focusing on a single number, we're focusing on the  
mission of securing federal networks," Donelan says. "Even if we got  
down to 50 or 100 external Internet connections, the number would  
probably go up or down over the course of the year as agency missions  
change."

One aspect of the TIC Initiative that hasn't changed under the Obama
administration is that the program is still focused on deploying
network security services consistently across civilian agencies.

Most civilian agencies already have antivirus and other security  
software mandated by the TIC Initiative. But the TIC Initiative  
requires that these services be deployed uniformly, with synchronized  
time stamps and standard logging procedures.

The TIC Initiative also will provide a common feed of information
about cyberattacks to the U.S. Computer Emergency Readiness Team
(US-CERT).

"Another big benefit of the TIC Initiative is that it will give a  
consistent view to the folks in government that are worried about  
[cybersecurity]," says Jeff Mohan, Networx program director for AT&T  
Government Solutions. "US-CERT will get the same type of feed from  
every agency and telecom provider. One of the things they have done is  
make the interface and the information being transferred very specific  
and very consistent."

The TIC Initiative won't detect or eliminate all hacking attempts; for
example, it doesn't prevent distributed denial-of-service attacks. But
the extra layers of network security services it provides and the
consistent way they are being applied should help agencies block
e-mail-based attacks such as viruses, worms and malware.

"This is a better mousetrap," White says of the TIC Initiative. "I  
think it will provide a higher level of assurance that we can keep the  
bad guys out. And to the extent there is an incident, I think we'll be  
in a better position to react with the agency and the US-CERT to limit  
the risk."

Donelan says the bottom line benefit of the TIC Initiative is  
governmentwide situational awareness.

"No single agency can do everything themselves, especially when we're  
dealing with this kind of threat environment," Donelan says. "Even the  
most sophisticated agencies, there are sometimes [attack patterns]  
they can't see." 

