Most U.S. federal government agencies are expected to meet cybersecurity defense requirements by buying managed security services from carriers such as AT&T, Qwest, Sprint and Verizon through the federal umbrella telecommunications contract known as Networx.
These purchases come at a time when the U.S. government is shifting its strategy for defending federal networks against a rising tide of hacking attacks launched by foreign governments and criminals. Rather than focusing on consolidating external Internet connections, the government is directing agencies to deploy a standard set of security tools and processes on all of their Internet connections (See "U.S. Internet security plan revamped.").
This represents a shift for the federal Trusted Internet Connections (TIC) Initiative, services for which are available on the Networx contract under the acronym MTIPS, which stands for Managed Trusted Internet Protocol Services.
Carriers say it will be less expensive for agencies to purchase TIC-related services through the Networx contract than to build their own TIC access points.
"There's maybe a 10% to 15% price differential between an ordinary Internet circuit and an MTIPS circuit, and for that you're getting antivirus and all the other scanning," says Diana Gowen, senior vice president of Qwest Government Services.
The carriers are gearing up for a flood of TIC-related business in 2010, as soon as they pass the extensive certification and accreditation processes required by DHS, the General Services Administration and individual agencies.
AT&T announced its first TIC-related deal on Thursday: an eight-year, $5 million award from the Federal Trade Commission that includes managed security services, Web hosting and intrusion notification. (See "AT&T wins $5M cybersecurity deal with FTC.")
"This is the first customer that has agreed to let us publicly announce that they have awarded us their MTIPS service," says Jeff Mohan, Networx program director for AT&T Government Solutions.
Qwest says it has several customers lined up for its TIC-related services including the Federal Energy Regulatory Commission and the Alcohol Tobacco Tax and Trade Bureau of the Treasury Department.
"I'm hoping by the end of the calendar year, every one of the data networks we support we will have brought over to MTIPS," Gowen says. "EPA is an active bid today. They are evaluating MTIPS as part of their data network, and we're hopeful that we'll bring them on board. Everybody that we're doing hosting for today -- that's the next target. That includes other parts of Treasury, the National Library of Medicine and the National Institutes of Health."
Bill White, vice president of federal sales at Sprint, says the carrier has "commitments for half a dozen agencies" for MTIPS services. "They're just waiting for us to get the green light from DHS."
Mohan says meeting the TIC Initiative requirements is so complex that more agencies may decide to outsource these services to the carriers rather than operate their own TIC-compliant access points.
"It's quite an extensive proposition," Mohan says. "You need special folks, special construction of secure facilities. It requires lots of interaction with government agencies. We hope that what we've built is cost-attractive to the agencies but also very scalable so we can offer it to a lot of different agencies."
One step the Obama administration hasn't taken: setting a deadline for when agencies must meet the TIC Initiative requirements.
"How do you get customers when there's not a firm line in the sand?" Gowen asks. "Lacking that, you have a lot of agencies that think…until they have to do it, they'll just sort of wait. It's up to us to figure out how to show them that there are other costs associated with not being as protected as they could be."
Read more about wide area network in Network World's Wide Area Network section.
This story, "AT&T, Verizon, other carriers eyeing federal government cybersecurity deals" was originally published by Network World.