The evolution of the Trusted Internet Connection (TIC) program – from TIC 1.0 more than 10 years ago to TIC 3.0 today – reflects how technology often moves in unexpected ways.
For example, early in GovLoop’s roundtable discussion in January about TIC 3.0, TIC Program Manager Sean Connelly reminded everyone about why TIC came about back in the mid-2000s. The Office of Management and Budget (OMB) had asked agencies to report their total number of internet connections.
No one had done such a count before, so OMB officials weren’t sure what to expect. But they were still surprised.
“The number that came back was well over 4,000 connections – that was well above what anyone thought,” said Connelly, whose position sits in the Cybersecurity and Infrastructure Security Agency (CISA). “We realized that we had to get some way to control this.”
The surge in cloud usage came as yet another surprise because cloud was just emerging as a viable platform when OMB issued the first TIC policy in 2007.
It’s easy to forget that there was a time when people saw the cloud as having limited potential in government, according to Stephen Kovac, Vice President of Global Government and Compliance at Zscaler, a cloud-based information security company.
“In 2008, 2009, the key thing we did on the internet was surf, and check email,” Kovac said. “I remember I used to call on [agencies], and people would say, ‘I’m never going to put my data on the internet and the cloud. No way!’”
The roundtable discussion, which primarily involved representatives from federal civilian agencies, covered a wide range of topics, from the continued relevance of the original TIC vision to the uncertainty and excitement about how the program will evolve. Here are five big takeaways.
Legacy TIC Still Matters
For many years, feds have spoken about TIC in somewhat disparaging terms, given its incompatibility with the widespread adoption of cloud and emerging technology solutions. But one roundtable participant from a civilian agency reminded folks that TIC was an important breakthrough and provided a standard approach to securing internet traffic.
“When TIC came along, it just enabled us to do what we needed to do,” the attendee said. “It helped us because we actually had the staff, the funding and the whole nine yards to funnel traffic in through the edge.”
That said, the TIC model had its drawbacks, noted John MacKinnon, Global Telecommunications Partner Development Manager for the Worldwide Public Sector at AWS.
“We had an information superhighway – and a two-lane dirt road feeding that superhighway,” MacKinnon said. “You are not going to have a great user experience in that environment.”
Connelly added that the goal of TIC 3.0 is not to replace traditional TIC but to extend secure connectivity to more distributed environments.
“The guidance coming out from Federal [Chief Information Officer] Suzette Kent was, ‘Get TIC out of the way for my users going to the cloud.’ These use cases are just different examples of how agencies can connect the user systems to the cloud.
“Your traditional TIC, TIC 2.0, is still the primary solution. We’ve talked to a lot of agencies over the last month, and they’re still interested in the traditional TIC being their primary architecture, and that’s completely fine. What we’re doing, though, with TIC 3.0 is providing alternatives for agencies to use.”
For the rest of the takeaways, download GovLoop’s e-book “Time for Modern, Secure Networks: The TIC 3.0 Initiative.”
Photo credit: GovLoop