TIC 3.0: Connecting Agencies to Today’s Technologies

In response to the global need to work from home, we’ve seen many government agencies put a renewed focus on equipping their workforces with modern, mission-critical technologies. Things like zero trust architectures, software-defined networks, telework and cloud have become more relevant than ever, in part because of the coronavirus. That’s why those who work in federal government security are particularly excited about the new and improved Trusted Internet Connections (TIC) policy.

TIC 3.0, published late in 2019, is removing regulatory barriers to modernization. TIC deals with external network connections, which are channels that provide or deny access to agencies’ systems, applications and data. Users traverse these connections when they telework or head to a different branch office.

TIC 3.0 specifically recognizes that mobile technology and wireless networks have transformed modern work and citizen demands. Of course, these external connections – which are very different than on-prem connections – must be secure, and that’s what the TIC policy enforces.

People want to be able to connect with agencies online, and employees need the flexibility to complete their work on the road, from home or at agency offices throughout the country. Because of the growth of agencies and the need to work outside of government facilities, TIC received a much-needed upgrade.

To understand why TIC 3.0 is such a watershed policy, you have to understand the previous versions. The original TIC policy was published in 2007, with the same goal of securing external network connections. At the time, the federal government had issued a study and found there were more than 4,300 external network connections throughout the government. TIC aimed to consolidate those connections to fewer than 100.

In 2012, TIC 2.0 came about, which prescribed more direct measures for securing internet connections. After the first round of policy offered increased visibility and consolidation of TIC access points, TIC 2.0+ provided a new setup for agency or industry internet service providers. Employees often use these TIC 2.0+ access points to connect to the web or external partners.

The key problem with the original TIC is that it created many regulatory hurdles to follow, preventing the adoption of emerging technologies, such as cloud services. As technology progressed, the initial goal of reducing the number of external connections no longer fit modern security and business needs.

The Cloud Smart initiative, a follow-up to Cloud First, set a goal for the revamped TIC, stating, “With the proliferation of private-sector cloud offerings, the emergence of software-defined networks, and an increasingly mobile workforce, the TIC model must compete with newer, more flexible solutions that provide equal or greater security, or it must evolve.”

That brings us to the evolved TIC 3.0, the newest in a 13-year lineage of securing external solutions. Let’s take a look at how TIC 3.0 is different from previous versions.

  • First, it gives agencies three new use cases, with more coming.
  • Second, it gives agencies broader interpretation authority.
  • Finally, it gives agencies the flexibility to adopt modern technologies.

It’s important for agencies to know their TIC 2.2 connections still work and are still accepted under TIC 3.0. They don’t have to throw those solutions out the window to be modern and compliant. But the biggest development from the new policy is agencies can also look to remote users, branch offices and, most importantly, cloud computing for their use cases.

TIC makes it easier for agencies to adapt to modern work realities brought on by COVID-19, most notably by offering temporarily available options to accompany the surge of teleworkers. TIC 3.0’s importance will expand as telework becomes the new normal in government.

This article is an excerpt from GovLoop Academy’s recent course, “TIC 3.0: Connecting Agencies to Today’s Technologies,” created in partnership with Zscaler. Access the full course here.

Leave a Comment

Leave a comment

Leave a Reply