Trusted Internet Connection

Last updated

The Trusted Internet Connection initiative (also known as TIC, Office of Management and Budget (OMB) Memorandum M-08-05) is mandated in an OMB Memorandum issued in November 2007. The memorandum was meant to optimize individual external connections, including internet points of presence currently in use by the Federal government of the United States. It includes a program for improving the federal government’s incident response capability through a centralized gateway monitoring at a select group of TIC Access Providers (TICAP). [1] By reducing the number of access points, the government could more easily monitor and identify potentially malicious traffic. [2]

The initial goal for total number of federal external connections and internet points of presence was 50. [3] General Services Administration Networx is the contract vehicle to implement this initiative. [4]

See also

Related Research Articles

An Internet filter is software that restricts or controls the content an Internet user is capable to access, especially when utilized to restrict material delivered over the Internet via the Web, Email, or other means. Content-control software determines what content will be available or be blocked.

<span class="mw-page-title-main">Office of Management and Budget</span> Office within the Executive Office of the President of the United States

The Office of Management and Budget (OMB) is the largest office within the Executive Office of the President of the United States (EOP). OMB's most prominent function is to produce the president's budget, but it also examines agency programs, policies, and procedures to see whether they comply with the president's policies and coordinates inter-agency policy initiatives.

The Domain Name System Security Extensions (DNSSEC) are a suite of extension specifications by the Internet Engineering Task Force (IETF) for securing data exchanged in the Domain Name System (DNS) in Internet Protocol (IP) networks. The protocol provides cryptographic authentication of data, authenticated denial of existence, and data integrity, but not availability or confidentiality.

Deep packet inspection (DPI) is a type of data processing that inspects in detail the data being sent over a computer network, and may take actions such as alerting, blocking, re-routing, or logging it accordingly. Deep packet inspection is often used to baseline application behavior, analyze network usage, troubleshoot network performance, ensure that data is in the correct format, check for malicious code, eavesdropping, and internet censorship, among other purposes. There are multiple headers for IP packets; network equipment only needs to use the first of these for normal operation, but use of the second header is normally considered to be shallow packet inspection despite this definition.

<span class="mw-page-title-main">National Cyber Security Division</span>

The National Cyber Security Division (NCSD) is a division of the Office of Cyber Security & Communications, within the United States Department of Homeland Security's Cybersecurity and Infrastructure Security Agency. Formed from the Critical Infrastructure Assurance Office, the National Infrastructure Protection Center, the Federal Computer Incident Response Center, and the National Communications System, NCSD opened on June 6, 2003. The NCSD mission is to collaborate with the private sector, government, military, and intelligence stakeholders to conduct risk assessments and mitigate vulnerabilities and threats to information technology assets and activities affecting the operation of the civilian government and private sector critical cyber infrastructures. NCSD also provides cyber threat and vulnerability analysis, early warning, and incident response assistance for public and private sector constituents. NCSD carries out the majority of DHS’ responsibilities under the Comprehensive National Cybersecurity Initiative. The FY 2011 budget request for NCSD is $378.744 million and includes 342 federal positions. The current director of the NCSD is John Streufert, former chief information security officer (CISO) for the United States Department of State, who assumed the position in January 2012.

The 21st Century Network (21CN) programme is the data and voice network transformation project, under way since 2004, of the UK telecommunications company BT Group plc. It was intended to move BT's telephone network from the AXE/System X Public Switched Telephone Network (PSTN) to an Internet Protocol (IP) system. As well as switching over the PSTN, BT planned to deliver many additional services over their new data network, such as on-demand interactive TV services.

The Information Technology Management Reform Act of 1996 is a United States federal law, designed to improve the way the federal government acquires, uses and disposes information technology (IT). It was passed as Division E of the National Defense Authorization Act for Fiscal Year 1996. Together with the Federal Acquisition Reform Act of 1996, it is known as the Clinger–Cohen Act.

The GSA Networx is a set of federal government contracts for civilian telecommunication for the General Services Administration (GSA) in the United States. It consists of two programs - Networx Universal and Networx Enterprise to support the Trusted Internet Connection initiative by Office of Management and Budget.

Business.gov is sponsored by the U.S. Small Business Administration to provide small business owners with access to federal, state and local government resources from a single access point.

EINSTEIN was originally an intrusion detection system that monitors the network gateways of government departments and agencies in the United States for unauthorized traffic. The software was developed by the United States Computer Emergency Readiness Team (US-CERT), which is the operational arm of the National Cyber Security Division (NCSD) of the United States Department of Homeland Security (DHS). The program was originally developed to provide "situational awareness" for the civilian agencies. While the first version examined network traffic and subsequent versions examined content, the current version of EINSTEIN is significantly more advanced.

<span class="mw-page-title-main">Controlled Unclassified Information</span> US government information category

Controlled Unclassified Information (CUI) is a category of unclassified information within the U.S. Federal government. The CUI program was created by President Obama’s Executive Order 13556 to create a streamlined method for information sharing and safeguarding. The Information Security Oversight Office (ISOO) acts as the Executive Agent (EA) of the National Archives and Records Administration (NARA), and is responsible for oversight of the CUI program. The ISOO monitors the implementation of the CUI program by executive branch agencies. CUI will replace agency specific labels such as For Official Use Only (FOUO), Sensitive But Unclassified (SBU), and Law Enforcement Sensitive (LES) on new data and some data with legacy labels will also qualify as Controlled Unclassified Information.

The Committee for a Responsible Federal Budget (CRFB) is a non-profit public policy organization based in Washington, D.C. that addresses federal budget and fiscal issues. It was founded in 1981 by former United States Representatives Robert Giaimo (D-CT) and Henry Bellmon (R-OK), and its board of directors includes former Members of Congress and directors of the Office of Management and Budget, the Congressional Budget Office and the Federal Reserve.

The Office of Social Innovation and Civic Participation was an office new to the Obama Administration, created within the White House, to catalyze new and innovative ways of encouraging government to do business differently. Its first director was the economist Sonal Shah. The final director was David Wilkinson.

Managed Trusted Internet Protocol Service (MTIPS) was developed by the US General Services Administration (GSA) to allow US Federal agencies to physically and logically connect to the public Internet and other external connections in compliance with the Office of Management and Budget's (OMB) Trusted Internet Connection (TIC) Initiative.

An Internet kill switch is a countermeasure concept of activating a single shut off mechanism for all Internet traffic.

<span class="mw-page-title-main">Risk Management Framework</span>

The Risk Management Framework (RMF) is a United States federal government guideline, standard and process for risk management to help secure information systems developed by National Institute of Standards and Technology. The Risk Management Framework (RMF), illustrated in the diagram to the right, provides a disciplined and structured process that integrates information security, privacy and risk management activities into the system development life cycle.

<span class="mw-page-title-main">Internet censorship in Russia</span> Overview of Internet censorship in the Russian Federation

Internet censorship in the Russian Federation is enforced on the basis of several laws and through several mechanisms. Since 2012, Russia maintains a centralized internet blacklist maintained by the Federal Service for Supervision of Communications, Information Technology and Mass Media (Roskomnadzor).

<span class="mw-page-title-main">FedRAMP</span> US government cybersecurity program

The Federal Risk and Authorization Management Program (FedRAMP) is a United States federal government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services.

The Center for Internet Security (CIS) is a 501(c)(3) nonprofit organization, formed in October, 2000. Its mission is to make the connected world a safer place by developing, validating, and promoting timely best practice solutions that help people, businesses, and governments protect themselves against pervasive cyber threats. The organization is headquartered in East Greenbush, New York, with members including large corporations, government agencies, and academic institutions.

The National Cybersecurity and Communications Integration Center (NCCIC) is part of the Cybersecurity Division of the Cybersecurity and Infrastructure Security Agency, an agency of the U.S. Department of Homeland Security. It acts to coordinate various aspects of the U.S. federal government's cybersecurity and cyberattack mitigation efforts through cooperation with civilian agencies, infrastructure operators, state and local governments, and international partners.

References

  1. OMB: M-08-16, Guidance for Trusted Internet Connection Statement of Capability Form (SOC) (PDF), The White House, (April 4, 2008). Retrieved on August 9, 2008.
  2. What's Happening with the Trusted Internet Connection? govinfosecurity.com Interview with DHS Matt Coose 1 Mar 10 (podcast)
  3. OMB: M-08-05, Implementation of Trusted Internet Connections (TIC) (PDF), The White House, (November 20, 2007). Retrieved on August 9, 2008.
  4. Agencies make headway in reducing Internet gateways GCN.com By Mary Mosquera Jul 10, 2008