Yesterday the Office of Management and Budget (OMB) announced that it will no longer pursue the Trusted Internet Connect (TIC) initiative first announced in November 2007. TIC was considered one of the cybersecurity efforts making up the Comprehensive National Cybersecurity Initiative (CNCI) which was born out of National Security Presidential Directive (NSPD) 54 and Homeland Security Presidential Directive (HSPD) 23 in January 2008.
Unless you are somewhere between Foggy Bottom and Independence Ave. SE you are probably confused by all of these acronyms so allow me to explain.
Back in 2007 there were thousands of Internet connections across the Federal government. This was viewed as a tremendous problem since each connection was a potential ingress point for malicious code and hacker attacks. TIC proposed a simple solution to the problem — decrease the number of Internet connections to as few as possible and then secure the heck out of the remaining connections.
I believe the ultimate goal was to reduce the thousands of Internet connections to something like 50. Throughout 2008 and 2009 the Feds boasted about the tremendous progress they were making.
Okay now fast forward to yesterday. OMB throws the TIC baby out with the bath water and announces that it will no longer reduce the number of Internet connections but rather improve security requirements at all Internet ingress/egress points. OMB goes on further to say that the number of Internet connections in 2010 was roughly the same as in 2007. Diane Gowen, SVP of Qwest Government Services summed this up as follows: “Despite the whole TIC Initiative, there are probably as many points of Internet connection as there used to be. The new administration is less concerned with the number, and more concerned about getting them protected.”
Back in 2007, many security professionals (including me) thought that TIC was completely misguided because:
The crime here is that it took 3 years and tens, if not hundreds, of millions of taxpayer dollars to ramp up TIC — and then totally reverse course. Someone should be held accountable.
I predict that the next shoe to drop will be some type of pull-back from the Einstein Project — a DHS/US Cert/Carnegie Mellon science project that could have easily been built with commercially available software from ArcSight, NetWitness, Nitro Security, Q1 Labs, RSA or dozens of others.
I’m sure President Obama’s Cybersecurity Coordinator, Howard Schmidt, is rolling his eyes at these recent events and the demise of TIC. Let’s hope he introduces some pragmatism into high priced Federal cybersecurity plans before we waste another few hundred million.
Related posts:
Tags: CNCI, Comprehensive National Cybersecurity Initiative, Cybersecurity, Cybersecurity coordinator, Federal Government, Howard Schmidt, OMB, President Obama, TIC, Trusted Internet Connect
Sir –
How could you have received “official” word of this cyber policy change from OMB on a day the fed govt was CLOSED due to winter storms in DC?
Jon:
Howard is “pragmatic” indeed.
Even when he is consulting directly to an “insider threat.”
http://www.PrintcafeSecuritiesFraud.com/#HowardSchmidt
Beam me up!
Hmmmm……have not been able find this policy reversal in writing anywhere. When was it announced and has the OMB M-08-27 been recinded? We are still getting asked for info from HHS HQ so not sure where the communications gap is.
You know you are way off base…..And you don’t source anything in our “article” You are the perfect example of what’s wrong with bloggers…
The fact is DHS and OMB are still pursuing TIC and the Federal Trade Commission just awarded AT&T a $5 million contract to implement TIC services through the GSA Networx contract.
Next time try checking your facts before writing an article…you know like a journalist would do.
Name (required)
Mail (will not be published) (required)
Website
Your email: