http://www.gcn.com/print/27_8/46113-1.html By John Rendleman Government Computer News 04/14/08 issue Federal civilian agencies are under the gun to re-engineer their networks by June 30 to comply with an ambitious Office of Management and Budget plan to improve information technology security through a dramatic reduction of Internet connections. The Trusted Internet Connection (TIC) plan also includes an April 15 deadline for agencies government wide to declare their capabilities and requirements to carry out the overhaul. TIC requires the federal government to winnow its array of about 4,000 Internet connections to roughly 50 highly secure gateways. OMB, which launched TIC in November 2007 in response to the surging frequency and sophistication of online assaults against federal systems, first estimated the number of Internet connections to be about 1,000. After gathering information from agencies, that number grew fourfold. The TIC plan to create a more secure perimeter between Uncle Sam’s internal networks and the free-fire zone that dominates the external Internet echoes a project that the Defense Department launched seven years ago. The new, secure perimeter, sometimes referred to as a demilitarized zone, would help federal IT managers improve their network traffic monitor capabilities. Agencies also would be able to reduce the number of security appliances they use to filter data crossing into or out of federal networks. The OMB proposal calls for the Homeland Security Department’s U.S. Computer Emergency Readiness Team to implement pivotal TIC operations. For years US-CERT has operated a 24-hour operations center that monitors network activity across the federal government. Under TIC, the center will enforce network security via its suite of Einstein packet-filtering devices. USCERT uses the Einstein systems to keep malware out of federal networks and prevent sensitive government information from leaving. The DHS network security response team built the Einstein systems using commercial and government software and hardware. The Einstein devices sit outside government firewalls to detect all traffic that affects federal systems, DHS officials said last year (GCN.com, Quickfind 1022). Most security experts said the risks involved in the ambitious TIC deployment schedule and the difficulties posed by the network re-engineering plan would be more than offset by its likely effectiveness. Many of the IT security analysts contacted for this article emphasized the urgent need for security upgrades to protect the federal government’s data infrastructure. Most security professionals agreed that the TIC security improvements and similar measures are long overdue. “We should have done this five years ago, but there wasn’t the heart or the will then like there is now,” said Howard Schmidt, a former White House cyber security adviser. “The timetable is aggressive,” he said, but now there is a sense of urgency behind the program. [...] _______________________________________________ Subscribe to the InfoSec News RSS Feed http://www.infosecnews.org/isn.rss
This archive was generated by hypermail 2.1.3 : Sun Apr 20 2008 - 22:37:30 PDT