Monday, December 22, 2008

Trusted Internet Connections (TIC): Gated Communities and Ostriches

Various colleagues at InfraGard and elsewhere have been hitting my telephone and email inbox asking my thoughts on the "Security Cyberspace for the 44th Presidency" report, and the Comprehensive National Cyber Security Initiative (CNCI), established by National Security Presidential Directive 54 and Homeland Security Presidential Directive 23. I agree with my friend Joseph Concannon that these are things we should all be discussing and to which we should be reacting.

As one of the included initiatives that has been widely discussed, I'd like to start by asking some questions about the Trusted Internet Connections (TIC) initiative. The initiative was announced publicly in this Memo for Heads of Executive Departments and Agencies from the Office of Management and Budget's Clay Johnson. The memo discusses the requirement for each agency to develop a "comprehensive plan of action and milestones" to reduce their number of Internet connections, with the goal of having the entire federal government using only fifty Internet points of presence. The plan is similar to another DHS initiative, which believes that building a fence across the US-Mexico border will make it easier to secure the border. TIC works in exactly the same way. By having only fifty points of access, it becomes easier to identify what goes in and out of the Internet.

In the physical world we have the same concept in the Gated Community. Many of the same advantages and disadvantages of Gated Communities can also be expected here. Some of the advantages are that we can better control who comes into our communities, and even those who are allowed access have left clear record of their action, in the form of video surveillance at the gate checkpoints, and often through a log of visitors maintained by security guards who man these gates. These are exactly the advantages intended by the DHS Einstein III program, currently being used by at least 13 Federal agencies.

For an excellent discussion on Gated Communities and their roles in Security and Crime Prevention, please see "Public Places, Urban Spaces" by Matthew Carmona. Carmona's book is not primarily about Gated Communities, but rather about the decisions that should be considered as urban spaces are planned or designed.

Carmona argues that the design or an Urban Space should be seen in the context of Local, Global, Market, and Regulatory considerations, and must then take into consideration issues in the categories of Morphological, Perceptual, Social, Visual, Functional, and Temporal considerations.

The disadvantages that are primarily brought up with regard to the creation of Gated Communities typical begins by speaking about class segregation, and the annexation of previously public property to be used for the advantage of a relatively small subsection of the society which paid to create it. Even when the now segregated resources are granted "public use" during the day, privacy concerns commonly expressed about "surveillance societies" may cause some citizens to hesitate to visit these resources.

It strikes me that very few of Carmona's design processes were taken into account as the Trusted Internet Connection program began. For example, Perceptual Considerations -- will my Internet visits to government provided web resources now be monitored in a more comprehensive way? Will Einstein be learning and recording my interactions with the government similar to the Gated Community security guard who asks the name of the person I am visiting before allowing my vehicle to enter the GC?

What message should the rest of the Internet take from the decision by the Federal government that the way to be safe on the Internet is to restrict public access to a few carefully monitored Internet points of presence? As a practicing designer of network security considerations, I have to agree that the theory is strong. One of the first exercises I engage in with a client is to identify all possible paths in and out of their network, and what methods of securing and monitoring each of those paths are currently in use.

But how should this message play with the responsibility of the Department of Homeland Security to protect our Nation's Critical Infrastructures? Prior to the creation of DHS, a multi-agency partnership administered by the FBI existed under the auspices of the National Infrastructure Protection Center (NIPC). The NIPC Watch & Warn desk was the fastest single place to check about the status of any threat to our Nation's Critical Infrastructures, including the Cyber infrastructure. Now for Cyber matters we have US-CERT.

The United States Computer Emergency Readiness Team (US-CERT) is a partnership between the Department of Homeland Security and the public and private sectors. Established in 2003 to protect the nation's Internet infrastructure, US-CERT coordinates defenses against and responses to cyber attacks across the nation.

Interestingly, the mission of US-CERT is *NOT* to protect Federal Agencies, but rather to protect "the nation's Internet infrastructure", the vast majority of which will be on the OUTSIDE of the wall being created by the Trusted Internet Connections initiative. The program is rolling forward, with the first contract being announced in December 18th's DHS Daily Report, which stated:

The General Services Administration announced on Monday that AT&T has been awarded the first contract to deliver secure Internet connections to federal agencies via the Networx Universal telecommunications program. AT&T will offer Managed Trusted Internet Protocol Services under the Office of Management and Budget’s Trusted Internet Connections initiative, announced in November 2007. The goal is to reduce the number of Internet connections in the federal government to fewer than 100 in 2009; the exact deadline has yet to be determined. “GSA has provided resources to assist the successful implementation of the TIC initiative and made information systems security a priority in their strategic plans,” said the OMB administrator for e-government and information technology. “Fewer external connections mean fewer vulnerabilities and better secured networks.” Networx Universal is an indefinite delivery, indefinite quantity contract vehicle with a ceiling of $48.1 billion over 10 years. Combined with Networx Enterprise, it is the federal government’s largest telecommunications program. AT&T’s latest offering will include a system to detect computer network intrusions as well as a security operations center to protect agencies’ networks. GSA still is evaluating secure Internet connection proposals from Verizon and Qwest Communications, the other two vendors on Networx Universal.

(the DHS report quotes: Gautham Nagesh)

What does this strategy mean for the rest of us? As with the Gated Communities, one of the disadvantages is the issue that those of us OUTSIDE the gates feel (or actually are!) disenfranchised. What does it mean for the Critical Infrastructures who are "outside the fence"? Should, for instance, the banking industry be looking into building their own Trusted Internet Connections program that only serves their industry? With price tags such as the one given above, it may be that only the government can afford to be secure. What does that say about the strategy as a means of protection ALL of us?

No comments:

Post a Comment

Trying a new setting. After turning on comments, I got about 20-30 comments per day that were all link spam. Sorry to require login, but the spam was too much.