The head of the Cybersecurity and Infrastructure Security Agency’s (CISA’s) TIC Program Office emphasized that the Trusted Internet Connections (TIC) 3.0 initiative aims to create more flexible and efficient ways for Federal agencies to improve security, and said his office is considering a wide range of additional use cases to help agencies implement the framework.
“The traditional networking compass is broken,” declared Sean Connelly, CISA’s TIC Program Manager and Senior Cybersecurity Architect, today at MeriTalk’s virtual TIC Talks event.
That compass – which has tended to view data flows through the traditional lens of vertical and horizontal paths – now begs for agencies to adopt security frameworks that give them much greater visibility into their networks and threat vectors, along with increased flexibility to architect security according to their varied missions, he explained.
That improved visibility, Connelly said, will greatly improve situational awareness and help agency security operations centers and CISA threat-hunting analysts protect networks.
Against a threat landscape that continues to grow more perilous, and agency data flows that are expanding at warp speed, Connelly explained how TIC 3.0 accommodates agencies’ increased use of cloud services and better positions Feds to deal with modern attack scenarios, including “living off the land” exploits that have been long lasting and difficult to detect.
He also said TIC 3.0 guidance will position Federal agencies to work more efficiently with other CISA security initiatives, including the Continuous Diagnostics and Mitigation (CDM) program and the National Cybersecurity Protection System’s EINSTEIN program.
Most Federal agency tech leaders are already aware of TIC Program Office efforts that support TIC 3.0 thus far – including its program guide, reference architecture, security capabilities catalog, and overlay and use-case handbooks – particularly those latter resources that support branch office and telework implementations.
Connelly said at today’s event the program office is close to concluding the first phase of its TIC 3.0 support effort, and about to enter into the second phase that is expected to include a basket of additional use cases. Those will support implementations regarding remote users, infrastructure as a service, software as a service, platform as a service, and email as a service, he said.
Beyond that, Connelly said that a potential third phase may involve TIC 3.0 use cases dealing with zero trust, internet of things, partner networks, the General Services Administration’s Enterprise Infrastructure Solutions (EIS) communications services contract vehicle, and unified communications. The program office is also eyeing potential complementary guidance for web application programming interfaces, he said.
The program manager also said his office is working with vendors on overlays that map the services they provide to hasten implementation of TIC 3.0 guidance. Multiple vendors are expected to release overlays in the near term, and Connelly encouraged Federal agencies to “tailor the overlays to their environments.”
Elsewhere in his remarks, Connelly explained benefits of the more distributed security architecture that TIC 3.0 promotes, and called it the “most fundamental change” that underlies the program office’s guidance.
Themes in that discussion include the establishment of network trust zones under TIC 3.0, which redefine the logical boundaries around computing environments and widen their definition to include smaller segments like cloud containers, endpoints, and individual users. “We want to shrink those trust zones down as small as possible,” he said, while adding that the program office has left the concept “intentionally abstract” so that agencies have flexibility to determine those zones according to their needs.
Connelly also discussed zero trust, which he said is “more than an architecture,” and also a “philosophy and culture that needs to be embraced” by its adopter.
Fundamental tenets of zero trust include the need for user trust to be “continually established and reestablished,” and the recognition that data used to establish trust has a fleeting “half-life” that requires trust to be newly established on a continual basis. Building that trust, he said, relies on applying identity management and credentialing principles, defining different layers of access, and employing telemetry and threat intelligence.