OMB official: Large agencies better suited as Internet hosts

Federal agencies may not each need to operate their own access points to the Internet, a senior Office of Management and Budget official said on Monday.

Some agencies are not large enough to maintain the physical locations that house servers, routers and Internet service providers, said Karen Evans, OMB administrator of e-government and information technology, at an Industry Advisory Council meeting.

Larger agencies are better positioned to house the necessary infrastructure, Evans said. They also are more able to respond to network problems and provide service 24 hours a day, seven days a week, she said.

"Are our networks configured in the way that really helps us protect them while we are improving citizen services?" Evans asked. "And does it make sense for all of us to go about this in our own separate ways?"

The General Services Administration's new governmentwide telecommunications service contract known as Networx will give most agencies the opportunity to look at how they manage their computer networks, Evans said. GSA officials have said they plan to award contracts for Networx Universal, the largest part of the telecom procurement, this month. The second, smaller portion of the procurement, known as Networx Enterprise, is on track for awards in May.

Security measures required by OMB and the mandated upgrade to the next generation of the Internet, known as Internet Protocol version 6, are in the Networx contract, Evans said. This means the switch to the new contract presents an opportune time for agencies to improve their security in a cost efficient manner and comply with the IPv6 mandate, Evans said.

"We want to make sure that the agencies are [moving to Networx] in a way that improves our security at the best prices," Evans said. "If we plan now, we can get really good procurements and really good transitions."

The Networx contract also will give OMB a chance to look at how efforts to streamline IT infrastructure and information systems security across government are doing, Evans said. These lines of business initiatives are part of a broader effort to consolidate agencies' back-end IT systems.

In an attempt to move agencies beyond just complying with computer security laws and regulations, OMB is directing the creation of shared service centers, Evans said. The Environmental Protection Agency and the Justice Department will offer centers to help agencies meet the reporting requirements in a federal law -- the Federal Information Security Management Act.

She said agencies need to continue handing in their quarterly and annual reports on IT security, but some agencies do it better than others. Improving the ability to complete the reports will allow agencies to focus on responding to the reports, Evans said.

IT security training also varies across government, ranging from "click on this e-mail because you have read this statement" to extensive off-site training, Evans said.

The Office of Personnel Management, U.S. Agency for International Development and the Defense Department will provide shared service centers for security awareness training.

"Agencies won't have to recreate the wheel on a lot of the training aspects out there," Evans said.