TRENDING:

The Public Eye with Eric Chabrow

TIC Initiative: By the Numbers

Eric Chabrow (GovInfoSecurity) • February 27, 2010    
TIC Initiative: By the Numbers

It's not quite like pulling teeth, but the Obama administration doesn't like to discuss hard numbers when addressing the federal government's Trusted Internet Connection initiative, commonly known as TIC, that the Bush White House initiated in a November 2007 Office of Management and Budget memorandum.

At that time, an estimated 8,000 connections existed between federal executive branch information networks and the Internet, and the thinking was that the government could improve cybersecurity by drastically reducing the number of access points on the theory that fewer connections make it easier to identify potentially malicious traffic. The goal was to reduce the Internet access points to 50 by June 2008. An ambitious yet eventually impossible goal to attain.

So, how many TIC connections exist today? I asked Matt Coose, director of federal network security at the Department of Homeland Security's National Cybersecurity Division. Coose responded:

"One of the things we're trying to get folks to focus on is a little bit less on the actual number of connections ... and more on the consolidation aspects."

And for most of our conversation, Coose focused on the "Trusted" facet of TIC, saying what matters most is not the number of Internet access points but the quality of the Internet access points. The initiative specifies that each TIC adhere to 51 critical capabilities, including implementing the Einstein intrusion detection system. TIC 2.0 will be architected to employ the upgraded Einstein 2.

Being a pig-headed journalist, I kept asking Coose for the numbers, and he relented with some caveats. For instance, he said, precise numbers are hard to determine because of the flux caused by the migration away from less secure access points, including the need to change vendors..

As to the numbers, here's what Coose revealed:

  • Eventually, executive branch agencies will connect to the Internet through 80 to 100 TICs, not the 50 envisioned by the Bush White House.
  • About 50 TIC access points exist today.
  • Executive branch agencies still use some 2,000 non-TIC Internet access points.
  • By the end of December, about 80 percent of executive branch Internet traffic should pass through a TIC.
  • It could take years before the remaining 20 percent of executive branch traffic to connect via a TIC.

The goals Coose outlined seem more realistic than those set by the Bush administration. And, conceivably they'll be achieved. But IT projects such as TIC - whether in government or the private sector - are complex, and meeting deadlines too often prove to be the exception and not the rule. I guess we'll know a year from now if Coose's estimates were correct. Of course, he'll say - and perhaps rightly so - that it's not the numbers but the quality of the connections that count.



About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.




Around the Network

Safeguarding Critical OT and IoT Gear Used in Healthcare
Safeguarding Critical OT and IoT Gear Used in Healthcare
Transforming a Cyber Program in the Aftermath of an Attack
Transforming a Cyber Program in the Aftermath of an Attack
Medical Device Cyberthreat Modeling: Top Considerations
Medical Device Cyberthreat Modeling: Top Considerations
Protecting Medical Devices Against Future Cyberthreats
Protecting Medical Devices Against Future Cyberthreats
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
How 'Security by Default' Boosts Health Sector Cybersecurity
How 'Security by Default' Boosts Health Sector Cybersecurity
Evolving Threats Facing Robotic and Other Medical Gear
Evolving Threats Facing Robotic and Other Medical Gear
Identity Security and How to Reduce Risk During M&A
Identity Security and How to Reduce Risk During M&A
Properly Vetting AI Before It's Deployed in Healthcare
Properly Vetting AI Before It's Deployed in Healthcare
Is It Generative AI's Fault, or Do We Blame Human Beings?
Is It Generative AI's Fault, or Do We Blame Human Beings?

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.