Subscribe to the Free Print Edition!
Celebrating 25 Years

GCN Home > 03/22/04 issue

Judge again orders Interior to take systems offline

By Wilson P. Dizard III, GCN Staff

Efforts over the past 28 months by Interior Department systems professionals to fortify the department’s IT security have failed to satisfy a federal judge, who ordered Interior to disconnect nine agencies from the Internet.

The U.S. District Court for the District of Columbia last week reprised its actions of December 2001, when it ordered almost all Interior systems offline after court consultants found that American Indian trust data could be easily hacked over the Internet.

The new order is the latest chapter in the saga of Interior’s efforts to secure its systems and protect the trust data. The department last year worked to shore up its cyberdefenses but still received a failing grade from Congress.

Interior CIO W. Hord Tipton has said security upgrades at the department greatly reduced IT vulnerabilities. Nonetheless, Interior earned an F grade in systems security from the House Government Reform Subcommittee on Technology, Information Policy Intergovernmental Relations and the Census.

But the department certainly wasn’t alone in its security failures. Seven other Cabinet agencies received F grades as well.

“I don’t think it’s just Interior,” said Rep. Tom Davis (R-Va.), chairman of the House Government Reform Committee. “These things just keep happening.”

Interior shuttered most of its online links but complained bitterly about the decision of Judge Royce C. Lamberth.

“This latest order, disconnecting DOI’s IT systems, is a new frontier in this court’s efforts to run the operations of executive branch agencies,” according to a department statement. “Going where no previous order has gone before, the court has ruled, with very few exceptions, that the public’s connection to the entire department via the Internet be shut down whether Indian trust data is available or accessible on those DOI systems or not.”

The statement noted that Lamberth’s order would shut down the Ed Net system that links Bureau of Indian Affairs schools, depriving Indian students of access to the Internet.

Not protected

Lamberth included this latest disconnection mandate in a preliminary injunction order related to the case of Cobell v. Norton. The judge concluded Interior’s system security upgrades, procedures and plans fail to protect the American Indian trust data.

Lamberth barred Interior from reconnecting any systems offline since the court’s December 2001 order.

He also specifically ordered Interior to immediately disconnect Internet links for systems at nine agencies. After providing security assurances and with the approval of the court following earlier disconnection orders, Interior had reconnected many systems belonging to these agencies.

The only systems exempted from the order are those essential to the protection of life or property. Additionally, the systems used by the Geological Survey National Park Service and Office of Policy Management Budget can maintain their links.

The injunction said Interior must submit a plan for reconnecting all its systems based on a uniform standard for evaluating security and for using an independent organization to oversee systems security.