Interior report at odds with court testimony
- By Wilson P. Dizard III
- Sep 22, 2003
Interior secretary Gale Norton told the Office of Management and Budget this month that the department's financial systems are riddled with security weaknesses, even though she had told the U.S. District Court for the District of Columbia that they were secure.
Norton's statements to OMB in the department's Financial Management Report and Strategic Plan for fiscal 2004 through fiscal 2008 came to light in a Sept. 17 filing by the plaintiffs in Cobell v. Norton. The seven-year-old litigation over Interior's mismanagement of American Indian trust funds hinges in large part on whether the department has secured its systems from hacking.
Several Interior systems remain disconnected from the Internet because of court orders issued in the case.
Norton wrote to OMB on Sept. 8 that 'the department has not established access controls that limit or detect inappropriate access to information technology systems and related resources, thereby increasing the risk of unauthorized modification, loss, or disclosure of sensitive or confidential data.'
Interior reported to OMB that the trust fund data is 'unreliable, inaccurate and inconsistent, and trust systems have been inadequate to comprehensively process trust data and support investment activities,' according to the plaintiffs' filing.
Norton made a contrary statement in an Aug. 11 court filing, saying Interior's 'IT systems are secure, for purposes of Internet connectivity ... and sufficient security measures are presently in place to protect from unauthorized Internet access.'
Last week, Interior spokesman Dan Dubray said he could not comment on the plaintiffs' Sept. 17 filing because he had not reviewed it.
Interior told the court Aug. 27 that it would justify the reconnection of its systems to the Internet by providing summaries of its security testing.
The court first ordered Interior to sever its Internet connections in December 2001 after court contractors proved that trust accounts could be hacked. This past July, the court issued a new cutoff order and told Interior to explain why it has reconnected most of its systems to the Internet.
Interior responded with a plan under which it would provide security details including network maps, comparison with a list of the top 20 vulnerabilities of computer systems, a vulnerability assessment and penetration testing.