Interior struggles to restore its Web presence

Interior struggles to restore its Web presence

Court ordered shutdowns because of vulnerabilities in trust fund databases; many sites have been down for a month

The Interior Department limped into the new year with drastically curtailed Web operations, as officials worked under a court order intended to protect American Indian trust fund accounts from exposure to possible hacking via the Internet.

U.S. District Court Judge Royce C. Lamberth issued an order Dec. 5 requiring the department to disconnect its systems from the Internet. The order stemmed from longstanding litigation, known as Cobell v. Norton, over mismanaged American Indian trust funds and the vulnerability of trust fund databases to computer hackers.

After an emergency hearing, Judge Lamberth on Dec. 8 let the department reconnect Internet service to the National Fire Information Center and the Geological Survey. USGS issues disaster warnings for earthquakes, landslides, floods and similar emergencies over the Internet. The fire center uses the Internet to help run a fire protection system and coordinate firefighting agencies.

Service will resume only when a court-appointed special master certifies that the department has properly secured the trust fund databases. Interior spokesman John Wright could not say when that would be.

Despite intensive work by Interior IT specialists, on Jan. 2 several agencies still lacked any Web presence: the Indian Affairs, Land Management and Reclamation bureaus; the Fish and Wildlife, Minerals Management and National Park services; and the Surface Mining Office.

Hearing scheduled

The House Resources Committee, which oversees the department, issued the following statement: 'Interior staff are working 24-7 to review each of their agencies' Web sites, make sure all needed firewalls are in place, and get everything up and running again.'

US Department of the Interior
The Interior Department's home page greets visitors with an advisory stating the reason for its closed sites.


'We're in touch with them and getting regular updates on their progress,' a committee representative said. 'They are working as fast as they can. In the meantime, the popularity of the fax machine has soared to new heights over there.'

The committee plans to hold a hearing Feb. 6 on the troubled trust fund. 'A half-dozen administrations have tackled this problem with varying degrees of success,' the committee said.

Judge Lamberth's decision came after he unsealed a report by court-appointed special master Alan L. Balaran in the American Indian trust fund litigation. The report detailed years of failure by Interior to secure the trust fund data.

According to the special master's report, at least 30 other reports'from organizations such as Interior's inspector general, the General Accounting Office, congressional panels and private consultants'have found serious security problems with the trust fund databases as well as other system malfunctions and mismanagement.

Security flaws

Among the most serious flaws in the system are the 'trivial' passwords used to protect the data and the lack of firewalls to shield the system from hacking via the Internet, according to consultants' analyses of the databases cited in the report.

Balaran hired Predictive Systems Inc. of New York to test the security of the trust fund databases. The consultants succeeded in penetrating the system on their first attempt, according to the report.

On their second try, the Predictive Systems specialists made a point to use only free tools and utilities that were available on the Internet.

They succeeded in changing an existing account, the report said.

The report cited statements by Dominic Nessi, former systems chief at the Bureau of Indian Affairs, that the system had no security and 'can be breached by a high school kid.'

As part of its efforts to improve the databases' security, Interior also hired Predictive Systems as a consultant.

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above