recommended reading

GSA awards two more contracts for secure Internet service

The General Services Administration has awarded two contracts to companies seeking to provide federal agencies with secure Internet connections.

AT&T and Qwest Government Services will offer the services on GSA's Networx contracting vehicle under the Office of Management and Budget's Trusted Internet Connections initiative, announced in November 2007. The goal of TIC is to reduce the number of external Internet connections in the federal government to fewer than 100 in 2009.

"The core meaning of what we just did was offer users more choice," said Frank Tiller, director of service development at network services programs in GSA. Tiller said the agency expects to award TIC contracts to the other three Networx vendors -- Verizon, Level 3 Communications and Sprint -- by the end of the year.

Networx is the largest telecommunications program in the history of the federal government. It is divided into Networx Universal, with a ceiling of $48.1 billion, and Networx Enterprise, with a $20 billion cap. Both contracts are indefinite delivery-indefinite quantity with four-year base periods and two three-year options.

Qwest now will join AT&T in offering secure Internet services on the Networx Universal contract. AT&T began providing the service on Universal in December and will now be the first to offer the service on the Enterprise contract as well.

Jeff Mohan, executive director of AT&T's Networx program office, said Networx Universal and Enterprise are identical and closely resemble the services the company offers to its commercial clients.

All connections purchased on the Universal contract will include a system to detect network intrusions and a security operations center for the agency, along with a redundant Internet connection to ensure continuity.

"Basically, this gives you an Internet connection," said Tiller. "All we've done at a high level is to add a trusted portal -- a secure tunnel from the agency to the portal -- and we do filtering to make sure there is nothing harmful in the traffic. The filtering is what makes it trusted."

Tiller said end users would not notice any difference between the secure connection and a regular broadband Internet connection. All Web traffic on the secure connection will be monitored in real time using automated programs. When the system detects malware or suspicious activity, it issues traffic reports to officials who will then decide if further action is necessary.

"It takes people sometimes to look at events and decide what they mean," Tiller said. "Sometimes it takes time."

Karl Krumbholz, director of network services at GSA, said agencies' interest in buying secure Internet connections on Networx has been greater than anticipated, but he welcomed the additional business for the contract.

"Initially, in listening to OMB's approach, we thought this might be a service that primarily smaller agencies would want to take advantage of. But once the service was understood more fully, we found even larger agencies using the service," Krumbholz said.

"It is a good option in that it avoids a lot of capital investment and staffing," Tiller said.

Diana Gowen, executive spokesperson for Qwest, said many agencies remain unclear about exactly what the new offerings entail. Qwest is aggressively trying to educate them on the benefits of a secure connection.

"One of the things that is pertinent is that they can get a turnkey solution," Gowen said. "We can manage all of their Internet connectivity in a trusted environment. It should be completely invisible and transparent to them. If it isn't, we've sort of failed."

Gowen said the service can be customized based on an agency's specific needs and Internet policies. For example, the Treasury Department might have more stringent limits on Web traffic than the Labor Department.

"The driver is that the agency itself will dictate what security policy Qwest will be enforcing on traffic," Gowen said. GSA has given the company 60 to 90 days to prepare to offer the service on Networx.

Threatwatch Alert

Network intrusion / Stolen credentials

85M User Accounts Compromised from Video-sharing Site Dailymotion

See threatwatch report


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security


When you download a report, your information may be shared with the underwriters of that document.