The Transition to TIC 3.0: Ensuring Agency Readiness for Network Modernization

The recent sophisticated attacks on multiple federal agencies by nation-state hackers demonstrate that new approaches are required to protect federal networks and IT infrastructures. 

Trusted Internet Connection 3.0, managed by the Cybersecurity and Infrastructure Security Agency, is needed now more than ever to strengthen cyber defenses in a world in which the network perimeter has become increasingly more amorphous.

TIC 3.0 Building Blocks

The transition to cloud and mobile environments, along with the increase in remote workers across the nation, heightens the need for cyber protection that can address agencies’ distributed network requirements, including branch offices, remote users and service providers.

Network connectivity is the foundational phase for agencies preparing for TIC 3.0. IT and security teams will need the right building blocks to accommodate a range of use cases. Operations teams will have to understand how network traffic and data transfers to and from remote offices and workers will perform in the new paradigm.

Zero Trust Preparation

TIC 3.0 is also designed to fit with other federal initiatives such as the Continuous Diagnostics and Mitigation program and the National Institute of Standards and Technology Zero Trust Architecture. TIC 3.0 divides agency architectures by trust zones, shifting the emphasis from a strictly physical network perimeter to the boundaries of each zone within an agency environment, with the goal of ensuring baseline security protections across dispersed network environments. This is an opportune time for agencies to start framing their zero trust strategy.

Technologies such as software-defined wide area networks, or SD-WAN, aligned with TIC 3.0 guidance will help agencies build a foundation for secure network access at the edge, and eventually transition to a zero trust architecture.

A single vendor approach cannot solve every TIC 3.0 use case. Efforts to bolster remote work, drive cloud adoption across federal agencies, and deploy mobile and IoT devices, increases network complexity and security risks. Integrators are needed to provide direction as agencies look to implement best-of-breed multi-vendor solutions for TIC 3.0. 

Key Concepts

Previous TIC versions required agencies to backhaul traffic to their network for inspection, instead of having a direct link between a user on a device and an application hosted elsewhere. CISA’s TIC 3.0 interim guidance, released in April 2020 as the government transitioned to mass telework, gives agencies the ability to build architectures around concepts and technologies—such as bring your own device, virtual private network access, multi-factor authentication, and alternative authentication methods—removing prior TIC inefficiencies.

Living Labs Are Necessary

Labs that can provide network and data transfer simulation for agencies will be key to successful TIC 3.0 implementation. For example, last year, the Advanced Technology Academic Research Center partnered with network and security industry leaders to create a TIC 3.0 Demonstration Center. This state-of-the-art physical environment provided agencies the ability to test and evaluate emerging technologies, shared services, and meet federal workforce expectations with simple, seamless access to applications and data.

Through WWT’s Advanced Technology Center, we are also building a TIC 3.0 Foundations Lab to further assist our customers along their TIC 3.0 journey and lay the foundation for a zero trust strategy. Using the Lab and the ATC, we can provide agencies a collaborative environment to design, educate and deploy customized solutions specific to agency requirements.

Having a place where government agencies can evaluate best-of-breed technology will always be needed. As CISA continues to update use cases, having hands-on testing labs that can address changes in technology and agency policy will be a necessity going forward.

The latest guidance provides new strategies that agencies can employ to increase both their network and collaboration capacity. As CISA’s Program Manager for TIC 3.0 Sean Connelly has noted, this guidance is just a starting point for agencies. 

Agencies will need the right building blocks and tools to protect their systems as traditional network parameters disappear and threats increase as their TIC 3.0 journey continues.

Matt Oberhofer serves as a Systems Engineering Manager at World Wide Technology.