CAMBRIDGE GLOBAL ADVISORS

1700 N. Moore St. Suite 2100 Arlington, VA 22209 (703) 600-1934 www.CabridgeGlobal.com


Cambridge Global Advisors Whitepaper
Govnet: An Architecture for a More Secure Federal Civilian Network
Authors: Cambridge Global Advisors
Sponsored by: Northrop Grumman
August 8, 2017


Introduction

For almost two decades, Federal cybersecurity leaders have debated the merits of consolidating 100+ Federal civilian agency networks into a single, federated enterprise network. This concept was dubbed “Govnet” in the Bush Administration. While at that time the technology to implement the proposal was in its infancy, today advances in networking provide a practical approach. This paper reviews the feasibility and benefits of creating Govnet today to provide a sound basis for discussion as the Trump Administration and Congress consider next steps to secure Federal information systems.

Background

In 2001, the Bush Administration considered options for creating a Federal civilian agency network dubbed Govnet.[1] The goal of Govnet was to provide these agencies assured communications as an increasing number of government functions were becoming reliant on the Internet. Although the Bush Administration ultimately scrapped plans for the network, the problems that led to the proposal to create Govnet have only grown worse. Federal agencies are almost entirely reliant on Internet-enabled applications to manage the business of government, while the spate of incidents at the White House, the State Department, and the Office of Personnel Management shows that the government’s ability to manage cyber threats is insufficient. Today, technologies like Multi-Protocol Label Switching (MPLS), Software Defined Networking (SDN), and Software-Defined Infrastructure can allow the vision of Govnet to be realized.

On May 11, 2017, President Trump signed an Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure.[2] The Executive Order directs the American Technology Council to coordinate a report to the President from the Secretary of Homeland Security, the Director of OMB, and the Administrator of General Services, in consultation with the Secretary of Commerce regarding modernization of Federal IT.

The report shall describe the legal, policy, and budgetary considerations relevant to -- as well as the technical feasibility and cost effectiveness, including timelines and milestones, of -- transitioning all agencies, or a subset of agencies, to one or more consolidated network architectures. [Emphasis added]

Why a Federated Network is Necessary

Under current policy, each Federal agency purchases Internet connectivity independently from Internet Service Providers (ISPs). While the General Services Administration (GSA) provides a unified purchasing vehicle,[3] each Federal agency has its own gateways to the Internet. Under the Trusted Internet Connection (TIC) initiative, begun in 2008 as part of the Comprehensive National Cyber Initiative (CNCI),[4] agencies have been working to reduce the number of gateways to the public Internet and to implement required security measures at those gateways. By the end of fiscal year 2014 (the latest year for which statistics are available), 95% of external Federal traffic for large agencies was routed through a TIC and compliance with security requirements for these gateways has reached 92%.[5] For small agencies, TIC consolidation has reached 79% with 72% of connections meeting security requirements. Altogether, there are 60 TICs across the 23 CFO Act agencies[6] plus a series of Managed Trusted Internet Protocol Services (MTIPS) for smaller agencies that are managed by Internet Service Providers.[7] The network consolidation is remarkable given that in 2008 when the initiative began there were an estimated 4,300 or more connection points to the Internet.[8]

Figure 1: A Govnet architecture provides better assurance for traffic between agencies and a more secure and resilient Internet boundary

[1] https://fcw.com/articles/2002/04/22/clarke-floats-options-for-govnet.aspx
[2] https://www.whitehouse.gov/the-press-office/2017/05/11/presidential-executive-order-strengthening-cybersecurity-federal
[3] http://www.gsa.gov/portal/content/104870
[4] https://www.whitehouse.gov/issues/foreign-policy/cybersecurity/national-initiative
[5] https://www.whitehouse.gov/sites/default/files/omb/assets/egov_docs/final_fy14_fisma_report_02_27_2015.pdf
[6] The CFO Act provides a list of large Federal agencies; while the Department of Defense is a CFO Act agency, it meets the requirements of the TIC effort under a separate program discussed elsewhere in this paper. See https://www.whitehouse.gov/sites/default/files/omb/assets/egov_docs/final_fy14_fisma_report_02_27_2015.pdf
[7] http://www.dhs.gov/managed-trusted-internet-protocol-services
[8] https://www.whitehouse.gov/sites/default/files/omb/assets/egov_docs/2008_TIC_SOC_EvaluationReport.pdf

While the TIC program has largely been successful at reducing the number of Federal gateways, this architecture introduces two problems. First, communications between Federal agencies are not assured under this model. Second, governance has been all but impossible with each individual agency responsible for their own security. The TIC initiative never met the ultimate goal of the program to “Manage the Federal Enterprise Network as a single network enterprise.”[9]

Lack of Assurance

In cybersecurity, information assurance is understood as being based on the “CIA triad” of confidentiality, integrity, and availability: information must be kept confidential so that only those who are authorized to access it can access it; the integrity of information must be protected so that it is not manipulated to deceive or otherwise cause harm; and the information must be made available when needed. The current Federal architecture fails on all points.

While each Federal agency operates its own network, all rely on other Federal agencies to carry out their missions and use network technologies to coordinate and communicate. These communications rely on the public Internet to connect between agency networks where adversaries could intercept them, manipulate them, or block them. Email sent between most Federal agencies is sent “in the clear” with no encryption to protect the confidentiality of information. Communications between agencies rely on public infrastructure and the public domain name system, and could be shut down through distributed denial of service attacks or broader damage to Internet routing infrastructure. In short, the current system does not provide for the confidentiality of communication between agencies, the integrity of communication between agencies, or the availability of communication between agencies.

The TIC Reference Architecture contemplated a “Government-to-Government” or “G2G” interagency connection class where certain mission critical traffic would be shared directly between agencies that were both TIC compliant;[10] however, that model has not been widely adopted, if at all.

Governance

Under the current governance structure, each agency operates its own Trusted Internet Connection (TIC)[11] at which the Department of Homeland Security (DHS) places some network security instruments (Einstein 1/Einstein 2) and sets requirements for security that agencies are responsible for implementing under the TIC Architecture. This model has proven to be unworkable with many agencies failing to effectively monitor their connections to the public network and resisting implementation of new Einstein technologies by DHS. Under Federal law and policy, DHS is responsible for deploying advanced intrusion detection and protection services to Federal agencies; however, because each individual agency owns their own network and manages their own Trusted Internet Connections (TICs), DHS must negotiate with the agency in order to deploy any new capabilities and sign a Memorandum of Agreement that governs what DHS can and cannot do.[12]

While the reduction to sixty TICs is laudable, sixty gateways is still a large number to manage and introduces unnecessary costs for security programs. By contrast, the Defense Department, serving a larger number of users that are geographically dispersed around the world, has fewer than a dozen gateways from the Department of Defense Information Network (DODIN) to the public Internet. DOD can both instrument these gateways in a cost effective manner as well as implement policy without the approval or action of DOD components.

Recognizing both the program management challenges and policy challenges associated with the TICs, DHS opted for a different approach for the Einstein 3 Intrusion Prevention Service. Rather than deploying the technology at the TICs, which would require 60+ builds of the technology as well as negotiating with each TIC operator, DHS pursued a plan that would aggregate Federal agency traffic on the backbone of the public Internet, deploying Einstein at a series of aggregation points known as “NESTs”, blocking any malicious traffic there and allowing all non-malicious traffic to continue to agencies.[13] Notionally, these NESTs were to be classified facilities where the ISPs would offload Federal agency traffic from the backbone based on IP addresses, inspect the traffic, and send it on its way.[14]

Based on our discussions with federal officials, this technique has yielded poor results. Information on Federal IP address ranges is often lacking and not updated, resulting in a large percentage of traffic missing the aggregation points in tests. The asynchronous nature of traffic on the backbone of the Internet vs. at an enterprise gateway to the Internet likely makes the approach flawed from the start.

From a political perspective, the idea of the Federal government being able to aggregate and inspect traffic on the backbone of the Internet has raised concerns with civil libertarian groups. While DHS has yet to abandon the NESTs entirely, the first two countermeasures for Einstein 3 are being deployed in an alternative implementation model, dubbed Einstein 3A, in which DNS-sinkholing and email filtering will be done at the network level by accredited ISPs. While the deployment for Einstein 3A is technically sound, it has reinforced one of the main drivers for the NEST model – that requiring agency cooperation from both a policy and a technical perspective slows and, in some cases, stops deployment. In order to effectively manage the security of Federal agencies, DHS will need to be able to deploy technology in a cost-effective way and control the governance of that technology.

[9] https://www.whitehouse.gov/issues/foreign-policy/cybersecurity/national-initiative
[10] https://www.fedramp.gov/files/2015/04/TIC_Ref_Arch_v2-0_2013.pdf
[11] http://www.dhs.gov/trusted-internet-connections
[12] http://www.gsa.gov/portal/getMediaData?mediaId=169487
[13] https://www.oig.dhs.gov/assets/Mgmt/2014/OIG_14-52_Mar14.pdf
[14] https://www.oig.dhs.gov/assets/Mgmt/2014/OIG_14-52_Mar14.pdf; http://www.gao.gov/assets/680/674829.pdf

Architecture

The proposed architecture for Govnet consists of a core MPLS network over which SDN would be used to create layers of security under a model that can adapt to both changing threats and changing user requirements. As more federal government applications move to the cloud, this architecture will allow Federal agencies to gain the benefits of moving applications off premise while streamlining the security of Federal data.

Core Infrastructure

An MPLS network with two or more Internet Service Providers (ISPs) to provide redundancy would form the basis of the network. Inclusion of multiple carriers, possibly federating their existing client base, could create support among the current providers of Internet service to Federal agencies. Such a network would have multiple advantages for security:

1. Fewer Access Points: A consolidated network would allow for a limited number of access points that need to be monitored. Currently, for DHS to fulfill this mission, it must maintain equipment across over 60 TICs. It must also be granted access by the individual agencies that own each TIC.

2. Confidential Communications: Currently, Internet traffic between federal agencies is routed unencrypted over the public Internet. Email, for instance, can be intercepted and read by anyone in the path. Under the proposed network architecture, all communications would be encrypted at the network level. Higher degrees of confidentiality could be gained through SDN for specific applications.

3. Communications Integrity: Because Federal agency communications are routed over the public Internet unencrypted, there is little assurance that communications cannot be corrupted along the path. The proposed architecture could assure the integrity of communications by giving DHS the ability to monitor Federal communications end-to-end.

4. Network Availability: At present, attacks as simple as a Denial of Service can impede the ability of Federal agencies to communicate with each other. An outage of the domain name system would leave Federal agencies unable to carry out even the most basic IP-based communications. Given the move within Federal agencies to Voice over IP (VOIP), under the current construct, Internet outages would also deprive agencies of unclassified voice communications.

Making the Network Adaptive

On top of this core infrastructure, the network must be built to adapt to not only the changing tactics of adversaries but also the needs of its users. SDN and SDI can allow the network to be reconfigured on a recurring basis without disrupting service or operations from the perspective of authorized users. This process can allow for “Continuous Trust Restoration” – re-creating a state of the network that is not known to the adversary and therefore can be trusted by legitimate users. Secure networks can be stood up and torn down on an as-needed basis, extending protection outside the traditional perimeter for specific purposes. New subnets can be created to protect critical information or systems as new threats emerge. This adaptive infrastructure can be tied into the next generation of intelligence-driven security products, to adapt the network as new threats are detected.[15] By continuously re-making the network, adversaries will be unable to understand the network terrain, map it, and move across it, thereby breaking the “kill chain”.

Rethinking the NESTs

The architecture of a unified Federal network should leverage the Federal government’s investment in the TIC architecture and in the NESTs. Through the MPLS network, the existing TICs can be connected securely to the existing NESTs. Instead of aggregating traffic at the NESTs, the NESTs can instead advertise as the gateways for civilian Federal agencies. This network can also be securely connected to the DODIN.

This approach has a number of advantages but the biggest may be that the system looks a lot less like an intelligence gathering system and a lot more like a typical organization’s network. Several ISPs raised concerns over liability with the NEST approach and have asked for liability protection before turning the system on. Using the NESTs as gateways would avert this concern, effectively making the NESTs part of agency networks rather than a vantage point from which the Federal government can scoop up traffic off the backbone.

Inspecting Encrypted Traffic

Higher and higher percentages of internet traffic in general, and Federal agency traffic specifically, are being transmitted through encrypted channels. This growth in adoption of encryption has huge security benefits that are hard to overstate. In no way should encryption be removed or weakened for the purpose of inspecting traffic. Yet, encryption does threaten the utility of current perimeter security models. Traffic passing through a TIC that has been encrypted end to end cannot be inspected by the Einstein 2 intrusion detection system. The challenge is even greater for the NEST model, where much of the traffic on the backbone of the Internet is being moved into encrypted channels. In part, the application layer solution developed under Einstein 3A for DNS sinkholing and email filtering was developed to address the reality that email and DNS are now being encrypted by default.

In order to secure Federal networks, the new system will need to be able to decrypt, inspect, and re-encrypt all encrypted traffic crossing the network. This process can be accomplished through commercially available key-exchange systems that have been proven at scale. While the technology is commercially available, the legal authority and governance for this process will need to be developed. Moreover, given the sensitivity surrounding issues of encryption and privacy, access to the decrypted contents will need to be carefully controlled and monitored. The system can also be used to identify, and, if necessary, block the outbound transmission of information that is required to be encrypted by policy such as personally identifiable information. To address agency concerns with making encrypted data available to DHS to inspect, Federal leaders may wish to consider a model where any data captured for analysis at the Federal perimeter that was encrypted is first sent to the sending or receiving agency to analyze under its authorities before being released to DHS.

Governance

HSDN as a Model

One model for the network is the Homeland Security Data Network (HSDN). HSDN is a Secret-level classified network developed by the Department of Homeland Security for use by civilian agencies. The network connects to the DOD’s Secret Internet Protocol Router Network (SIPRNET) and extends classified connectivity to DHS components, civilian agencies, and certain state and local government agencies such as fusion centers. HSDN consolidated multiple separate classified networks by providing a single “backbone” for communications at this classification level. Described as a “network of networks”, HSDN uses an MPLS core to provide assured communications across multiple partner agencies. Beyond providing full-service network operations, HSDN also provides a suite of collaboration tools, applications, and secure workstation configurations. HSDN is built with redundant capabilities including multiple service providers and primary and backup network operations centers and security operations centers. A recent assessment by DHS’s Chief Information Security Officer found that HSDN was a “well-managed program in the operations and maintenance lifecycle.” The major risk identified is that, given the program’s success, demand is greater than initial projections.

In order for the vision of a unified, federated network for Federal civilian agencies to be realized, a governance model for the network will first need to be developed and agreed upon. Congress will need to authorize and fund its development as well as mandate its use. The governance model should cover the ongoing cycle of planning, deploying, and operating the unified Federal network. While different Government organizations will likely be focused on procuring, securing and utilizing Govnet, a common governance model provides a predictable and organized mechanism to build and sustain their joint relationships and responsibilities while providing an avenue for issue deconfliction and resolution. Figure 2 depicts the focus of each Government organization unified by a governance of the ongoing planning, deployment and operation lifecycle of Govnet.

Figure 2: Governance of Govnet

Network Management and Network Defense

While there are many options for what agency could lead development and operation of the network, using existing authorities as a guideline, the General Services Administration could be responsible for the provisioning and management of the network and DHS could be responsible for its security. This division of responsibility would closely mirror the division of responsibility for the DODIN in which the Defense Information Systems Agency (DISA) provisions and operates the network and Cyber Command defends the gateways to the public Internet.

Under this construct, DHS would not only be responsible for providing classified capabilities but also provide all unclassified perimeter security. Under the current division of responsibility at the TIC Architecture, DHS is only responsible for providing the Einstein set of capabilities. DHS then sets the requirements, but does not provide or operate unclassified tools. Under a Federated model, this division of responsibility would be impractical as many agencies will utilize each gateway. Beyond the authority to inspect traffic, DHS must also be able to disconnect or otherwise limit traffic from agencies that are not meeting security requirements and to implement policy such as limiting access to social media or other websites.

Agency Responsibilities

While agencies would no longer be responsible for perimeter protection, agency CIOs could maintain responsibility for protecting enclaves within their network, monitoring “east-west” traffic flows, and securing systems that connect to their networks. Agencies would also need to work closely with DHS to ensure that tool sets deployed at the perimeter can monitor their traffic. Alternatively, the Federal government could also adopt the model provided by DISA in the Joint Regional Security Stack (JRSS), allowing individual Federal agencies to “outsource” security requirements to DHS while setting the rules by which data is allowed to move out of their agency to other agencies.[16] Agencies would either need to meet requirements to connect to Govnet such as installing sensors and tools and feeding that data to DHS or choose to have DHS operate these tools for them.

Many agencies have very complex network environments, and multiple networks for different functions. From the agency perspective, Govnet would not require rearchitecting their internal networks. For any networks connected to the internet, agencies would simply “switch ISPs”. Instead of getting a direct internet connection from their commercial ISP, they connect to Govnet and all their internal IP space and network address translation would remain the same.

[16] http://www.disa.mil/Initiatives/JRSS

Authorization

In order for the program to be successful, Congress will need to not only authorize and fund its development but mandate its use. Under current law and policy, DHS has been challenged by a number of agencies that believe their statutory obligations to protect certain classes of data (personally identifiable information, statistical agency data) prohibit them from allowing their data to be inspected by DHS. Congress will need to clarify that DHS’s authority and mandate to inspect Federal agency traffic covers all data transiting to or from a Federal agency, notwithstanding any other provision of law.

Benefits

Creation of Govnet will have multiple benefits for the Federal government including increased availability, improved confidentiality, improved gateway protection, an architecture built with cloud and mobile applications in mind, and an overall lower cost than individual agency purchases of connectivity.

Increased Availability

Under the current Federal architecture, communications within and among agencies are reliant on the public Internet infrastructure. Loss of the public Domain Name System (DNS), for example, would mean that email messages between Federal agencies could not be routed and a distributed denial of service (DDOS) attack on the public Internet could block all IP-based unclassified communications between Federal agencies.

The Govnet architecture as proposed would remove reliance on the public routing infrastructure. The architecture would allow the Federal government to operate an enterprise recursive service for DNS, so that DNS lookups from within .gov are processed by government controlled DNS servers, rather than internet servers. In the event of a DDOS attack, attack traffic on the public Internet would not affect the operation of Govnet, which would operate on a separate layer. Similarly, a failure of the public DNS infrastructure would not impede communications between government agencies as the network would have its own, separate DNS infrastructure. In the event of a major Internet-based attack, the ability of the Federal government to continue to communicate would allow government agencies to respond more effectively.

Consolidation of the network will also allow the cost-effective development and operation of gateways outside the continental United States, allowing agencies like the State Department and USAID to achieve a better level of service where their personnel are located while providing improved information security.

Improved Confidentiality

The current Federal architecture does not provide for the confidentiality of communications between Federal agencies by default. Email, for instance, can be signed and encrypted using PIV cards, but requires a proactive step by the sender and the ability to decrypt the message by the recipient. Most email messages sent between agencies are therefore sent “in the clear”. With Govnet, all communications between agencies would be encrypted at the network layer, protecting the confidentiality of information by default.

Advanced Gateway Protection

Consolidation of individual agency networks into a single, federated network will allow DHS to protect a smaller number of gateways with more advanced security tools. Under the current architecture, DHS must either deploy up to 60 instances of security tools at the TICs, move all security measures to the application layer, or attempt to aggregate and scan traffic on the backbone of the Internet under the NEST model. Govnet would allow the Department to meet the access needs of all Federal agencies with no more than 12 Internet access points distributed throughout the United States and around the world. Creation of an MPLS connection between the NESTs would allow for re-routing traffic to alternate access points in the event that there are issues with the security equipment at one, so that cyber protection coverage is not lost for that traffic. Doing so would also allow the Department to emulate what DOD has done with the Sharkseer program[17] and use a combination of commercially available tools to provide signatureless protection.

An Architecture Built for Cloud and Mobile

With an MPLS architecture as its core, cloud and mobile applications can be securely connected through SDN applications. Mobile traffic can be routed to and through the core network. Cloud applications can also be connected to and through the network or, if properly secured and managed, be configured as additional public gateways to the Internet. Under this architecture, web-facing applications accessed by the public could be stored in public-cloud infrastructure, with data exchanges between the public-cloud and government backend servers or hybrid clouds (public-private clouds) inside the perimeter.

Securing the Operational Environment

The passive and active defensive infrastructure and data collection at the Internet Access Points could be moved to a classified network. Moving analysis and coordination of incident response to a classified network would provide additional protections for the infrastructure, protect cyber data from sophisticated adversaries who would normally hide by covering their tracks, allow classified signatures and methods to be applied to the security infrastructure, and allow classified information to augment reporting and collaboration across Government. This is the model currently used effectively by DOD.

[17] https://info.publicintelligence.net/NSA-Sharkseer.pdf

Lower Cost

The proposed solution would likely produce lower overall costs than current legacy programs in several ways:

• Bulk Purchase of Internet Access: Bulk purchase of telecommunications services by Federal civilian agencies should provide economies of scale. Under most contracts bandwidth is dedicated for the provision of MPLS-service, therefore interagency communications, which make up a large portion of overall agency bandwidth usage, should come at a lower cost.

• Avoiding Double-Charge on Internal Government Traffic: By simply routing cross-agency network traffic across Govnet instead of the internet, Federal agencies should have smaller bills for Internet service. Because ISPs typically offer bandwidth-as-a-service, with increased bandwidth (and cost) provided on demand, routing traffic internally across Govnet avoids paying ISPs twice for bandwidth (outgoing and incoming) for traffic between agencies.

• Reduced Access Points to Monitor: With the reduced operational management burden from a smaller number of sites and given the high capacity of current security technologies, deploying the most advanced capabilities to protect the Federal perimeter could be accomplished at a fraction of the cost of achieving the same level of security effectiveness under the current architecture. In addition, ISPs should be able to provide netflow data as-a-service, allowing DHS to receive this data straight from the source and eliminate the costly management of the separate Einstein 1 infrastructure.[18]

• Eliminating Redundant Systems and Services: Under the current program, both DHS and individual agencies have responsibility for monitoring agency perimeters. By consolidating responsibility for monitoring the Federal perimeter at a reduced number of access points, the Federal government will be able to eliminate redundant systems and services such as the purchase of threat intelligence feeds.

[18] The Defense Information Systems Agency is currently switching to this model in a project called Cyclops – see https://flocon2017.sched.com/event/99Za/disa-cyclops-program

Implementation

Realizing the vision for Govnet will require proving the feasibility and value of the concept, changes to law in order for the program to be effectively implemented, and changes to how Internet connectivity is purchased by Federal agencies for telecommunications and cybersecurity services.

Feasibility Study

Through an open process, DHS and GSA should select an independent organization such as a Federally Funded Research and Development Center (FFRDC) to conduct a feasibility study for the project. The feasibility study should begin with a request for information (RFI) to vendors and the research community. Responses to the RFI should be made public. In preparation for the RFI, GSA should identify current and projected bandwidth requirements for Federal agencies, and determine how much traffic flows between Federal agencies and how much traffic flows to non-Federal partners.

Pilot Program

As a proof of concept, DHS should look to partner with other Federal agencies on a voluntary basis to pilot the approach. This pilot effort could involve deploying an encrypted tunnel between two TICs and one NEST for the exchange of government information. Other TICs at other agencies could be added to expand the network. The pilot effort could also include testing of new technology to change the configuration of the network to be adaptive to adversary behavior.

Funding Structure

As under the current Networx vehicle, Federal agencies should continue to purchase and pay for Internet connectivity; however, under this model, only ISPs that can offer service that is federated into the Govnet architecture will be allowed to sell to Federal civilian agencies.

Authorization

While the pilot is ongoing, DHS and the White House should begin working with Congress to create the necessary legal structure for the network. That legal structure must:

• Mandate the use of the network for all Federal civilian agencies

• Prohibit any spending on telecommunications services not tied to the network without the approval of the Secretary of DHS

• Clarify that, notwithstanding any other law, the DHS has the authority to monitor, inspect, and block Federal civilian agency traffic

Conclusion

Foreign adversaries have shown that they value the information Federal civilian agencies have. They have also shown that current network security for Federal civilian agencies is woefully lacking. Rather than trying to bolt security onto legacy networks that were not designed with security in mind, it is time for the Federal government to invest in a new network that will be designed with security baked into its core infrastructure. Govnet, as proposed in this paper, would provide higher degrees of assurance for Federal networks and data, likely at a lower cost than trying to protect today’s legacy networks.