WASHINGTON, D.C. – The Bush administration is calling for a closed IP network for government agencies that will be secure and impervious to external attack.
The General Services Administration yesterday put out a request for information from network vendors for a protected government network dubbed Govnet.
“Govnet will be a private Internet Protocol network shared by government agencies and other authorized users only,” said the request. “Govnet will provide connectivity among users to a defined set of service delivery points.”
The network would be totally separate from the public Internet or other public or private networks. It would include voice, conferencing and multicast services. The GSA is asking for a network that “will be immune from malicious service and/or functional disruptions to which the shared public networks are vulnerable” and be impervious to malicious code from any external network.
Its a tall order, but one that, if designed and operated correctly, is a good idea, said Bruce Schneier, chief technical officer for Counterpane Internet Security.
“If you can physically separate the attacker from the target you can stop him,” Schneier said.
The key is to build a completely separate network from the fiber up, with dedicated routers. But such a network is only as secure as the people using it. The military and spy agencies have their own closed networks, but they havent always proven impervious, Schneier said.
“It took the Melissa virus 24 hours to jump from the Internet to the closed military network,” said Schneier who added that the breach probably occurred when someone switched an infected machine from the open Net to the secure system.
“We do think it will work,” said a National Security Council official who preferred not to be named. The official said the network, when built, will be used for critical agency traffic and that specific users had not yet been established.
The National Security Council has been working on the network plan for several months, said Richard Clarke, special advisor to the President for cyberspace security. “Since there is a very significant body of telecommunications engineering and acquisition experience at the GSA, I have asked GSA Administrator Steve Perry for his support.”
The GSA envisions a dedicated network that will carry encrypted data, but not use encrypted routing. It wants a turnkey solution that will be operated by a contractor around the clock. As well, all components must be located in the U.S. or Canada.
The government is clearly on a fast track. Proposals are due to the GSA by Nov. 24.