With Internet gateways, less is more

A decision by the Office of Management and Budget to sharply reduce the number of Internet gateways governmentwide has created anxiety among some federal employees worried about being able to access Web sites. OMB officials said they are working to allay those fears. Karen Evans, OMB’s administrator for information technology and e-government, said employees who manage Web sites or other online services would not notice a difference from having fewer gateways to the Internet “if we do this right.” The gateway consolidation initiative, which the administration launched last month under the name Trusted Internet Connections (TIC), will add to the workload of chief information officers. A June deadline for agencies to consolidate their Internet connections coincides with another OMB deadline. June is also when agencies must upgrade their backbone networks to run the next-generation Internet protocol, IPv6. A primary purpose of both projects is to make federal networks more secure. “The [TIC] initiative is saying, ‘We have to know what we own in order to protect it,’ ” Evans said. “We also must know we are managing risk at an acceptable level.” Evans said the federal government has more than 1,000 gateways to the public Internet. The target number is 50, but that is not an absolute number, she said. “We know 1,000 or more is not the way to do it. At a minimum, 50 is two per department.” Fifty gateways is a reasonable number, Evans said, adding that the Defense Department has reduced its Internet gateway count to 18. The Homeland Security Department expects to have only two Internet gateways after it completes its OneNet initiative. “The 50 or so points of presence [would] become the perimeter of the federal government,” Evans said. David Wennergren, DOD’s deputy CIO, said at a governmentwide meeting Dec. 10 that the department’s effort to consolidate its Internet gateways was difficult but achievable. From that experience, he said, DOD learned that agency CIOs must be in charge of the consolidation and that agencies should establish a compliance validation process and a waiver process for exceptions. Evans recently gave CIOs further guidance on the TIC initiative and convened the meeting Dec. 10 to explain OMB’s recent security initiatives. She said rumors that all federal government Internet traffic would be routed through DHS’ OneNet are untrue. OMB’s latest guidance on implementing TIC outlines five steps agencies should take to develop plans of action and milestones by Jan. 8. Evans said that once agencies identify how many public gateways they have and how many they need in the future, they may discover they can use shared-service providers for some or all of those Internet connections. Agencies may need to use shared service providers to obtain connections outside their main offices, she said. “We will look at who is managing the connections, how many and what is the best solution,” Evans said. OMB will manage the TIC project under its Security Line of Business initiative, an umbrella program it has used to standardize and consolidate information security training and IT security reporting that OMB requires of agencies to comply with the Federal Information Security Management Act. Vendors on the General Services Administration’s Networx telecommunications contracts would qualify as trusted Internet gateway providers, according to a government official who attended the Dec. 10 meeting but did not want to be identified because the meeting was closed to the public.