Sep 06 2022
Security

Classified Agencies Can Begin to Rely on Secure Commercial Products

COTS and Commercial Solutions for Classified bring more variety — and security — to intelligence community network projects.
by

Josh Weiner is vice president of defense and intelligence for Sirius Federal, a CDW•G company.

In the world of classified information, you need people on the inside — actual humans who can find the best information and get it to you efficiently and without a lot of drama, people who have proved to be trustworthy and excellent at their jobs.

In the world of information technology associated with classified information, it’s much the same.

The intelligence community (IC), much like the rest of the federal government, is beginning to rely more on third-party providers of IT solutions rather than handling deployments and servicing in-house. It may seem counterintuitive, but having a regular, full-time team of outsiders onsite to do those jobs can minimize security issues and, in many cases, get the work done more quickly.

Agencies noticed that it could take longer for IC-based solutions to be developed, tested and deployed than it did to buy and deploy commercial off-the-shelf (COTS) solutions.

The IC also found that solutions built in-house could be hard to manage, and only a small number of people understood how they worked. If any of those people left the agency or retired, finding someone with the same knowledge on the same system was difficult.

The pendulum hasn’t swung completely in the direction of COTS, but the IC has made a lot of changes in terms of how much commercial IT is used as modernization continues. Third-party vendors have noticed, and they are making it simpler for the government’s secret squirrels to work openly.

Click the banner to receive curated content by becoming an Insider.

INSIDER_FT_cyberattack INSIDER_FT_cyberattack

COTS Has Become a Practical IT Solution

The National Security Agency’s Commercial Solutions for Classified (CSfC) program provides a solid starting point for agencies who need solutions that work in classified environments.

The NSA, like other government agencies setting the tone for their colleagues, is promoting agility and faster deployment of new solutions. Its CSfC program certifies commercial network solutions that agencies can use to create secure, encrypted networks that protect classified National Security Systems (NSS) data.

This makes a COTS purchase more palatable for the IC because those products and solutions have been vetted to ensure their security in a classified setting.

EXPLORE: How the Army leveraged Commercial Solutions for Classified for workers.

Today, that peace of mind is even more critical. With the dual pressure of the White House mandate to create zero-trust environments by 2024 and the threat of cyberattacks from Russian-affiliated hackers, all federal agencies are looking to button down their networks. Add the sudden and necessary rush to telework in early 2020 — a practice unheard of in the IC — and tight security in the classified world is even more essential.

As telework has become part of the federal work routine, intelligence agencies are looking to maintain practices that they established on an emergency basis.

It looks as though telework wasn’t the open backdoor for malicious actors that many had feared, but it has put a strain on agencies to maintain a strong security posture and still get day-to-day work done. Third-party vendors, CDW•G among them, are developing new solutions to support the IC in those efforts.

Teamwork Is Essential in Upgrading Classified Technology

At CDW•G, we’re putting together an enterprise cross-domain access solution that has zero trust baked in. It allows a user to access from anywhere the various networks needed from one device, rather than requiring a classified device for the classified network and an unclassified one for the open network.

In this situation, the agency provides an approved solution framework, and we’ll look for the COTS products and solutions to create a flexible, nonproprietary environment that satisfies all of the agency’s security requirements. It’s a cost-effective way of working that we deliver by putting best-of-breed solutions together to deliver a seamless user experience.

REVIEW: How the DOD 5G investment is helping military training efforts.

Having staffers experienced working in IC environments allows us to be an effective partner. The last thing a customer wants to deal with is a company that doesn’t understand the intricacies of what it takes to work hand in hand.

A lot of that understanding comes from hiring people with the necessary security clearance levels — and the commensurate understanding of how the customer operates. We develop people who have both the technological skills and the clearances necessary to understand the mission.

This article is part of FedTech’s CapITal blog series. Please join the discussion on Twitter by using the #FedIT hashtag.

CapITal blog logo

FangXiaNuo/Getty Images

More On

Related Articles

Close

Become an Insider

Unlock white papers, personalized recommendations and other premium content for an in-depth look at evolving IT

Subscribe Now