Interior says its systems are OK to stay on Web
- By Wilson P. Dizard III
- Aug 18, 2003
The Interior Department is attempting to buy some breathing room and keep alive most of its system links to the Internet.
In an Aug. 11 filing, the Interior and Justice departments told U.S. District Judge Royce C. Lamberth that no additional Interior systems should be cut off from the Internet because they all fall under the three exceptions outlined in a recent court order mandating Interior unlink its systems from the Net.
In the order last month, Lamberth told the department that systems could remain online only if they met one of three criteria:
- They do not contain American Indian trust data.
- They are needed for essential fire control or public safety functions.
- The department certified them as secure.
About 20 percent of Interior's systems already are disconnected from the Internet under a previous court order and will remain so to protect American Indian trust fund data from tampering, department officials said.
Interior's disconnection orders arose from a 7-year-old legal dispute alleging department mismanagement of the trust funds. The plaintiffs in Cobell vs. Norton are seeking billions of dollars from the government to make up for financial losses they say result from Interior's mismanagement. Lamberth two years ago first directed Interior to remove its systems from the Internet.
Late last month, the judge issued a preliminary injunction granting the plaintiffs' request that Interior cut off its Internet connections again [GCN, Aug. 4, Page 9]. But Lamberth qualified his ruling by giving Interior a grace period to detail whether some systems should remain online.CIOs meet
In the Interior filing, the department included a declaration from associate deputy secretary James E. Cason that he convened a July 29 meeting of Interior CIOs to discuss the injunction.
Based on the meeting, Interior concluded that 'none of its currently connected systems required immediate disconnection,' Cason said.
He noted that most trust systems, such as those managed by the Bureau of Indian Affairs, Office of the Special Trustee, and Office of Hearings and Appeals, had remained offline since the original December 2001 order.
Lamberth issued the earlier order after court consultants showed that Interior's trust accounts could be accessed by hackers.
In the period since the first order, the judge has let Interior reconnect many of its systems to the Internet after court officials and consultants verified their security.
Cason noted in the declaration that Interior 'does not recognize there to be a fixed test or set of standards, guidelines or technologies that distinguish between an IT system that is 'secure' and one that is 'not secure.' Interior has not found a uniformly accepted minimum standard within the federal government for IT information security or for Internet connectivity security.'
The department's filing included descriptions of the security of dozens of systems as well as justifications and certifications of each system's security status. The filing also described the test procedures Interior uses.
Mark Kester Brown, a lawyer for the plaintiffs, said, 'It is interesting that they haven't come up with a definition of security, and one of their documents says it is a moving target.'