When the Trusted Internet Connections 3.0 (TIC 3.0) policy is finalized, Federal agencies can expect to quickly have four or five use cases that are approved by the Department of Homeland Security (DHS) due to initial pilots, said Michael Duffy, acting deputy director for DHS’ Federal Network Resilience Division, at Forcepoint’s Cybersecurity Leadership Forum on April 4.
Under the TIC 3.0 policy, which is still in draft form, agencies can add new ways – called use cases – to connect outside of the traditional Trusted Internet Connection Access Provider (TICAP) or Managed Trusted Internet Protocol Services (MTIPS).
“Right now, what we’ll see initially after the policy is issued from OMB [the Office of Management and Budget], you’ll see four or five agency use cases that agencies can immediately start using right now to be in alignment with TIC 3.0,” said Duffy.
The draft TIC policy, released in December, includes three of those use cases – cloud, SD-WAN, and remote users on government furnished equipment.
“It’s not simply saying that we’re evolving Trusted Internet Connections to now include cloud environments. It’s actually looking for a way that we are hopping on this IT modernization bandwagon to help enable agencies to make good decisions when it comes to, ‘How do I protect my Federal information systems in a smart way?’” he added.
“OMB and DHS are not just looking for vendors to lift and shift a TIC/MTIPS to the cloud, they are looking for vendors to provide unique use cases that will create a catalog of innovative solutions,” Stephen Kovac, vice president, global government, Zscaler, told MeriTalk. “We need to meet the spirit of TIC, but use modern technologies and platforms to deliver those services.”
Kovac emphasized cloud will be the key platform. “Use cases must address the unique Federal security and performance requirements that current TIC environments were not built to deliver. The new use cases should be highly distributed, high performance, with the cost savings of multi-tenant solutions, which obviously points us back to built-for-cloud security.”
For agencies and vendors looking to establish a use case, Duffy encouraged early planning and collaboration. Use cases must successfully demonstrate capabilities through an agency pilot and be approved by DHS in coordination with OMB and the CISO Council before becoming available to all agencies.
“Our initial priority is making sure that we are taking in these good ideas and these innovative solutions and next steps, so we can build that in to what 3.0 looks like operationally into FY20 and beyond,” said Duffy.