TIC initiative gathers speed
Deadine looms for agencies to submit plans for the Trusted Internet Connection initiative
Federal Chief Information Officer Vivek Kundra has given agencies until Sept. 25 to report to the Office of Management and Budget and the Homeland Security Department on their plans, progress and milestones in implementing the Trusted Internet Connections initiative.
The memo to federal CIOs, dated Sept. 17, asks agencies to notify OMB and DHS how they will implement TIC requirements. Agencies certified as a TIC access provider (TICAP) may handle their own services. Other agencies may contract for the services from an agency certified as a multiservice TICAP or through the General Services Administration’s Networx Enterprise and Universal contracts. Four Networx carriers are certified to provide TIC services under Networx as a Managed Trusted Internet Protocol Service (MTIPS).
Agencies also must “undertake immediate responsibility for executing essential agreements and updating” plans and progress toward facilitating not only TIC preparations, but also due diligence for integrating the National Cyber Protection System Einstein Enclave intrusion detection system deployments and synchronizing with US-CERT.
Kundra’s memo set deadlines ranging from this week until year’s end.
By Sept. 25:
- All agencies must send an update of their TIC implementation status to DHS.
- DHS has contacted the 20 agencies certified as TICAPs to get an update on their progress.
- TICAPs must schedule initial TIC compliance on-site assessments with DHS.
By Dec. 31:
- All other (non-TICAP) agencies must work with DHS to complete their initial TIC compliance self-assessments.
By Sept. 30:
- Agencies planning to meet the TIC requirements through the purchase of MTIPS on the General Services Administration’s Networx Enterprise and Universal contracts, must submit estimated costs of implementing those services.
Initiated in November 2007, OMB’s TIC initiative sought to reduce to 50 the number of secure Internet portals. That number was raised to 100 and, by this summer, unofficially stood at about 400.
In June 2008, 16 large agencies were certified to act as their own TICAPs, modeled after the shared-service provider concept in other consolidation initiatives. One agency met all critical technical capabilities to be a multiservice TICAP, and one agency met 90 percent of TIC capabilities to be a multiservice TICAP. The total number of agency TICAPs has since grown to 20.
Four of the five carriers on GSA’s Networx Enterprise and Universal contracts also won contract modifications
from OMB to provide MTIPS as a service under GSA’s Networx contracts. AT&T Inc., Qwest Communications Inc., Sprint Solutions Inc. and Verizon Communications Inc. have MTIPS awards; AT&T and Sprint expect to have services in agencies this year. Level 3 Communications Inc. withdrew from MTIPS consideration in January.
Providing the services to meet OMB’s TIC requirements is beyond the resources of most of the 144 agencies. They can look to multiservice TICAPs among agencies or to one of the four certified Networx carriers to provide the services, which require:
- An Einstein Enclave intrusion detection system.
- A security operations center.
- Transport from the agency WAN to the TIC portal.
- Redundant Internet access service.
- Supply chain risk management provisions.
- Other, optional features to meet unique agency requirements.
Sami Lais is a special contributor to Washington Technology.