Homeland Security approves Networx trusted Internet solutions

The Homeland Security Department has approved Networx carriers’ Managed Trusted Internet Protocol Services solutions for agency customers.

The Homeland Security Department has begun approving Networx carriers’ Managed Trusted Internet Protocol Services solutions for agency customers.

AT&T Government Solutions has won full approval. Qwest Government Services awaits only a start date. Verizon Federal Business and Sprint Nextel Federal Programs are expected to win approval in time to start in early January, according to a recent update from the General Services Administration.

“MTIPS services are about complete,” said the GSA Federal Acquisition Service’s director of network services, Karl Krumbholz. “The carriers will have built out their capabilities by the end of this year, and agencies will be able to take advantage of MTIPS services in the very near term.”

MTIPS solutions are being offered through GSA’s Networx Enterprise and Universal telecommunications contracts.

It’s been a long haul since November 2007, when then-Office of Management and Budget Administrator Karen Anderson announced the Trusted Internet Connections (TIC) initiative.

AT&T was first, in December 2008, to win a contract modification from GSA for its MTIPS solutions. Qwest, Sprint and Verizon followed in the next few months.

Meeting all the criteria has been a complex task, Krumbholz said. “For both TIC and the MTIPS, DHS prescribed all the requirements that had to be met. We articulated those requirements and allowed the carriers to bid to that service. Once they got an award for the service, then DHS looked at it and asked: ‘Have you met all of the requirements?’”

After a carrier wins approval from DHS, GSA must conduct a certification and authorization for that service. Only then can a carrier get a date to start offering agencies the service. “There’s a lot that has to be done before that service is fully available,” Krumbholz said.

GSA’s statement of work specifies that MTIPS comprises the network infrastructure to transport IP traffic between the agency enterprise wide-area network and the TIC portal; and that together they create an agency TIC Trusted Domain (DMZ) for IP traffic.

The solutions must comply with the Federal Information Security Management Act (FISMA), OMB’s Circular A-130 Appendix III — Management of Federal Information Resources, the National Information Assurance Certification and Accreditation Process, NIST SP 800-37 — Guidelines for the Security Certification and Accreditation of Federal Information Technology Systems, and agency-specific requirements for Certification and Accreditation, as well as other criteria.

MTIPS solutions must include:

  • A security operations center for agency protection.
  • Sensitive Compartmented Information Facilities.
  • Transport tunnel from agency WAN to TIC portal.
  • Redundant Internet access service.
  • Supply chain risk management requirements.
  • Optional features to allow for agency unique requirements.
  • Einstein 3 – Intrusion prevention capability.

The services also are subject to periodic DHS compliance assessments.

But for all the pages of requirements, what agencies will look for in an MTIPS solution is “an area in flux,” said Verizon Federal Business president Susan Zeleniak.

MTIPS is intended to have data filtered and inspected, she said, “but by DHS, not by the carriers.”

Details about the function of the Einstein device, which is provided by DHS, are classified but are widely believed to include deep packet inspection of data flowing over the network.

“Once we hit the Einstein device, DHS is the owner,” Zeleniak said. “We’re not collecting any data; we pass it through to DHS, the owner and inspector of the data.”

However, she added, “how much the agencies will want the carriers to get involved in [deep packet inspection] is still an open issue. We’re working with them, we’re talking with them, we attend a lot of joint collaborative meetings to talk about those issues, but for now, securing the actual Internet connection and flowing the data through an inspection point is our current role. We’ll have to see where that goes next.”