Moving from a one-size-fits-all approach to a customizable security solution.

The Iowa Communications Network (ICN) has successfully completed a major upgrade to its Firewall platform.  The upgrades include new firewall hardware, firewall segmentation, and enhanced security capabilities for Iowa’s state government agencies.

Over the years, the security landscape has changed, and customer needs have expanded. This led to ICN’s decision to shift from a one-size-fits-all approach, for the State Firewall, to a more tailored and customizable security solution for each government agency.  To better serve our users and protect government data, ICN decided to implement a firewall platform that segments each customer's network, moving away from the previous centralized State Firewall system. The Department of Management, Division of Information Technology (DOM DoIT) has also increased their capabilities, giving agencies other standalone firewall options.

The project was split into two parts, designed to provide each participating agency with its own physical or virtual firewall. Now each agency has its own individual security solution and can customize firewall rules and allows for maintenance without impacting everyone. With the earlier firewall system, when maintenance was necessary or an outage occurred, all customers connected would be affected. Also, the firewall rules were tied together, so granting access to one agency would automatically allow access for all.

ICN’s Director of Networking and Engineering, Patrick Kazeze explains, “We are getting rid of the big target of a centralized firewall, that would potentially take everyone down,” said Kazeze. “With a reduced and broken up surface area, it limits the challengers’ ability to move around vertically between government agencies, minimizing the spread of potential security attacks, so we have much better containment.”

The collaboration was between ICN and Palo Alto, providing flexibility by integrating granular rulesets and policies unique to each participating State agency. The first phase resulted in the separation of the firewall platform into four segments. ICN and two customers were moved onto their own appliances, while 17 agencies previously behind the State Firewall were migrated to Palo Alto. The second phase included further segmenting those additional agencies into their own firewalls. There is still some minor clean-up work to do, but all customer Internet traffic has been officially migrated to the customers’ individual security appliance.

Since 1998, ICN has operated the State Firewall service at no cost to Iowa’s Executive and Judicial government branches. In order to have a secure and protected Network for government data, ICN received appropriated funding for this project in Fiscal Year 2021, which ensured the continuation of critical cyber protection for State government agencies. By wrapping up this significant project, ICN not only improves the security of the State government agencies and itself, but also reduces ongoing expenses.

With this security momentum, ICN is looking ahead to providing additional capabilities such as: intrusion prevention, content filtering, anti-malware, and more. Additionally, in order to assist with traffic and alert monitoring, ICN will continue to collaborate with the DOM DoIT in Iowa and exchange data from the new systems.