
OMB to reduce federal gateways

Plan to boost security could create shared services for connectivity

By Jason Miller

In an ambitious plan to reduce federal networks’ exposure to hackers, the Office of Management and Budget wants to cut to 50 the total number of external connectivity points — including Internet connections — for all federal agencies.

OMB’s new initiative, called Trusted Internet Connections, requires agencies to develop a plan of action by Jan. 8 for reducing the number of connection points they maintain to the Internet. Agencies must consolidate the number of external gateways to a handful each, perhaps by setting up shared-service centers with other agencies. A gateway, or Internet point of presence, is a physical location with servers, routers and switches through which a network connects to the Internet.

The consolidation must be complete by June. The Homeland Security Department’s National Cyber Security Division will oversee the initiative.

A Nov. 20 memo from OMB Deputy Director for Management Clay Johnson introduced TIC. A governmentwide meeting in Washington followed Nov. 30, at which Karen Evans, OMB’s administrator for e-government and information technology, detailed the plans.

Today, agencies have more than 1,000 external connections to the Internet, not counting those maintained by contractors, Evans said at the meeting, according to a government official who attended but did not wish to be identified. Each point of presence will be monitored by multiple security applications and appliances, such as the U.S. Computer Emergency Readiness Team’s Einstein Monitoring Program. OMB wants agencies to strongly consider using GSA’s Networx telecommunications contract to comply with TIC.

“This is an essential step because Federal Information Security Management Act-based defenses have failed to stop the attackers,” said Alan Paller, director of research at the SANS Institute.

“Once they are inside, only very sophisticated monitoring can hope to find the infections.”

Richard Burk, OMB’s former chief architect and now a consultant, said reducing the number of Internet connections shouldn’t be too difficult: The Defense Department and DHS have already made the move.

“I’ve been told that if the Pentagon can reduce the .mil domain to 18 connections and DHS can get down to two connections, it seems reasonable for the rest of government to consolidate,” Burk said. “If that is the case, such consolidation would optimize the use of USCERT and the investment of $115 million into it. Internet connections are a commodity item which should be treated as a service and purchased as such.”


