Comment from email: Comments of AT&T on Federal IT Modernization Report

[konklone]

Please find attached the Comments of AT&T Services on the REPORT TO THE PRESIDENT ON FEDERAL IT MODERNIZATION.

Please do not hesitate to contact me with any questions regarding this submission .

Respectfully submitted,

Robert C. Barber Assistant Vice-President and Senior Legal Counsel AT&T Services, Inc. Comments of AT&T Services, Inc..pdf

[konklone]

[Inlining a best-effort version of the attached comment below. If there were links in the original, they are not maintained in the below version. Download the original attachment in the issue above to see the original comment.]

---

                            Comments of AT&T Services, Inc. on
                 REPORT TO THE PRESIDENT ON FEDERAL IT MODERNIZATION

AT&T appreciates the opportunity to comment on the American Technology Council’s (ATC) Report to the President regarding the modernization of Federal Information Technology (IT) in accordance with Executive Order 13800. As a long standing Federal partner, AT&T supports the ATC’s –and the White House’s -- overall efforts to modernize Federal IT, and in particular its efforts to improve the Federal Government’s cybersecurity posture.

AT&T is a global leader in helping government and businesses re-define how they consume and deliver information and communications technology services. We provide a wide range of communications and information services—from industry-leading networks, to cloud computing, to mobile applications and entertainment services—to enterprises and consumers throughout the country and around the world. In these dynamic marketplaces, invention and innovation are keys to growth. AT&T leads the industry in a variety of new technologies including leveraging cloud technologies and virtualization in the network. We can offer these services while reducing capital and operational expenses, and achieving significant levels of operational automation.

In addition to delivering the latest in telecommunications technologies to America’s citizens and industries, AT&T has a long history of partnering with all levels of government. At the Federal level, AT&T has been a member of the President’s National Security Telecommunications Advisory Council (NSTAC) since its inception in 1982. In that role we have participated in a variety of studies related to Federal IT systems. AT&T also has been – and continues to be -- a long standing, trusted source of network enabled solutions for the Federal government. For example, AT&T was the first Networx contractor to offer a certified and fully operational Trusted Internet Connection (TIC) solution, and we are one of four service providers currently offering the Enhanced Cybersecurity Services (ECS) to both federal agencies and critical infrastructure providers. We also are an E3A/Einstein program supplier. Moreover, AT&T was recently awarded the 25-year contract to operate the First Responder Network Authority or FirstNet. AT&T is also an Enterprise Infrastructure Services (EIS) provider to the Federal government.

Thus, as the Administration considers modernizing Federal IT, AT&T can provide a high level of expertise and lessons learned that will help inform the Federal government in its IT modernization efforts. Given that perspective, AT&T appreciates the Administration’s efforts in support of Federal IT modernization, which is critical to improving Federal government cybersecurity. We agree with many of the priorities outlined in the ATC Report, including the concept of network modernization and consolidation, the prioritization of high-risk, high-value assets, and the modernization of the National Cybersecurity Protection System (NCPS) program to enable cloud migration. In addition to those items, the Report should also focus on the value that can be derived from the use of managed intelligent networking solutions and layered security as agencies migrate to the cloud.

AT&T offers the following proposals for refining and enhancing the ATC Report’s recommendations:

Managed Services and New Operating Models

• Government should leverage commercial managed network services. Commercial managed services can provide a similar and, in some cases, superior solution to shared services between agencies. Leveraging commercial services can provide government the benefits of scale and modernization while avoiding the unique agency-specific implementation and silos that often  burden government procurements. The Administration can build on successful migrations to commercially managed services, which have demonstrated the efficiency, effectiveness, and prudence of outsourcing major information and communications technology services to industry.

• Government should embrace centralized shared services. In combination with commercial services, capabilities like authentication, access management, threat analytics, vulnerability management, security audit, and application security orchestration are all worth considering as shared services. Provisioning shared services through a highly capable department (or select group of departments) for the benefit of other agencies across the federal government would allow agencies to focus on their core mission and prioritize their capabilities while relying upon a centralized provider for basic functionality.

• Dedicated Funding for Federal IT Modernization. Additional dedicated funding is necessary to create the new modernized Federal IT system while those systems continue to function during a transition stage. The Modernizing Government Technology (MGT) Act’s proposed allocation of $500M would be an excellent start.

Security

• Overlaying cloud services on the existing model will enable better security. The federal government can achieve many of the security benefits outlined in the Report and successfully migrate services to the cloud by overlaying cloud services on the TIC architecture. Accessing the cloud across a private network will allow government to continue to obtain economies of scale when buying from the Networx contract and the added security at the network layer, while still migrating many applications to the cloud and achieving the objectives of Executive Order 13800. A cloud overlay will also help ensure continuity of operations and services, in particular with the recent EIS contract.

• The Administration should take a layered approach to security. The Report suggests moving the TIC function to virtual appliances at each Agency cloud provider and separating the security stack from their application stack within each cloud provider. All traffic would transit the public Internet. However, that approach could have the unintended consequence of exacerbating the same agency cybersecurity challenges that the ATC is looking to address, as it would increase the attack surface because each cloud provider will have to provide the virtual security appliances currently offered via the TIC architecture. Increasing the number of access points and relying solely on encryption will not materially improve security. A better security model is to route government traffic directly through a virtual private network to a cloud provider--without ever touching the public Internet. This adds a layer of security and avoids potential risks introduced by relying on the public Internet.

Network Innovation • Software Defined Networking. AT&T is deploying innovative network technologies such as Software Defined Networking (SDN) and Network Function Virtualization (NFV) that provide a more secure and resilient network infrastructure. We also are incorporating augmented reality and artificial intelligence into our services. The Report should incorporate network innovation as a key component of a robust Federal IT modernization program. Federal IT modernization initiatives should not be overly prescriptive, as such an approach would likely inhibit, or even prevent, the flexible adoption of emerging technologies by government agencies.

• Legacy Application Migration. Many agency applications were never developed to operate in a virtualized environment. Older applications cannot move to a virtual environment without significant investment, which might not be feasible. The Administration should review the security, cost, and functional benefits of making changes to legacy applications. This may require an application-by-application level review within agencies. It is important to ensure that the Administration is not creating a mandate for unnecessary change. In at least some areas, federal government agencies can build upon what has already been developed.

In conclusion, we appreciate the Administration’s focus on Federal IT modernization. We believe that the report is moving in the right direction but should include additional focus on both commercial services and how intelligent networks can contribute to both innovation and better security for Federal agencies. We look forward to working with the Administration as they continue to develop recommendations on this important issue.