[ISN] Countdown to 50

From: InfoSec News (alerts@private)
Date: Sun Apr 20 2008 - 22:27:02 PDT


http://www.gcn.com/print/27_8/46113-1.html

By John Rendleman
Government Computer News
04/14/08 issue

Federal civilian agencies are under the gun to re-engineer their 
networks by June 30 to comply with an ambitious Office of Management and 
Budget plan to improve information technology security through a 
dramatic reduction of Internet connections.

The Trusted Internet Connection (TIC) plan also includes an April 15 
deadline for agencies government wide to declare their capabilities and 
requirements to carry out the overhaul.

TIC requires the federal government to winnow its array of about 4,000 
Internet connections to roughly 50 highly secure gateways. OMB, which 
launched TIC in November 2007 in response to the surging frequency and 
sophistication of online assaults against federal systems, first 
estimated the number of Internet connections to be about 1,000. After 
gathering information from agencies, that number grew fourfold.

The TIC plan to create a more secure perimeter between Uncle Sam’s 
internal networks and the free-fire zone that dominates the external 
Internet echoes a project that the Defense Department launched seven 
years ago.

The new, secure perimeter, sometimes referred to as a demilitarized 
zone, would help federal IT managers improve their network traffic 
monitor capabilities.

Agencies also would be able to reduce the number of security appliances 
they use to filter data crossing into or out of federal networks.

The OMB proposal calls for the Homeland Security Department’s U.S. 
Computer Emergency Readiness Team to implement pivotal TIC operations.

For years US-CERT has operated a 24-hour operations center that monitors 
network activity across the federal government. Under TIC, the center 
will enforce network security via its suite of Einstein packet-filtering 
devices. USCERT uses the Einstein systems to keep malware out of federal 
networks and prevent sensitive government information from leaving.

The DHS network security response team built the Einstein systems using 
commercial and government software and hardware. The Einstein devices 
sit outside government firewalls to detect all traffic that affects 
federal systems, DHS officials said last year (GCN.com, Quickfind 1022).

Most security experts said the risks involved in the ambitious TIC 
deployment schedule and the difficulties posed by the network 
re-engineering plan would be more than offset by its likely 
effectiveness.

Many of the IT security analysts contacted for this article emphasized 
the urgent need for security upgrades to protect the federal 
government’s data infrastructure. Most security professionals agreed 
that the TIC security improvements and similar measures are long 
overdue.

“We should have done this five years ago, but there wasn’t the heart or 
the will then like there is now,” said Howard Schmidt, a former White 
House cyber security adviser. “The timetable is aggressive,” he said, 
but now there is a sense of urgency behind the program.

[...]



_______________________________________________      
Subscribe to the InfoSec News RSS Feed
http://www.infosecnews.org/isn.rss



This archive was generated by hypermail 2.1.3 : Sun Apr 20 2008 - 22:37:30 PDT