BIA bolsters security with new network center

CIO Brian Burns says existing systems that carry out trust asset management functions rely on software that in many cases is more than two decades old.

Susan Whitney-Wilkerson

In the Bureau of Indian Affairs' dimly lit Network Operations Command Center, dozens of bureau employees field calls from agency IT users while security specialists monitor large overhead screens displaying network traffic, news reports and national weather conditions that can affect system operations.

The Interior Department agency has been overhauling its security at an accelerated pace over the past two years, partly in response to mandates from the U.S. District Court for the District of Columbia. Court orders have kept BIA offline since December 2001 because of a lawsuit over the government's management of American Indian trust assets and the court's discovery that outsiders could easily hack into trust accounts.

BIA officials point to the center as one example of how the agency is thoroughly overhauling its systems security.

The network center monitors the bureau's WAN and LANs as well as the agency's applications, said Brian Burns, the bureau's CIO and deputy assistant secretary for IRM.

Network center specialists can monitor the status of individual systems attached to agency networks down to the level of how many pages an individual printer has generated, he said.

The command center uses a suite of network control tools, including Network Discovery and ServiceCenter from Peregrine Systems Inc. of San Diego. The center has 53 PCs, about 30 of which are used now, with the rest set aside for future use.

'We have reached the first plateau and are working to reach the next plateau' of the overhaul, Burns said.

The facility's Security Operations Command Center monitors network traffic performance, responds to incidents and detects potential intrusions.

Burns said bureau officials have created new management structures as part of the IT reform. They include a Program Management Support Office led by Allan Roit, BIA's deputy CIO. The program management office tracks the schedule, scope and budget of projects, and trains staff.

Other changes include adoption of configuration management methods and enterprise architecture procedures.

Trust trouble

One of the most difficult tasks BIA faces is overhauling the Trust Asset Accounting Management System, which tracks funds in American Indian trust accounts. Troubles with TAAMS'and disputes between Interior and the lawsuit plaintiffs over how the system worked or didn't work'lie at the heart of the trust litigation, Cobell vs. Norton.

Burns said existing systems that carry out trust asset management functions rely on software that in many cases is more than two decades old and uses Cobol and other outdated technologies. Because of their age, these tools also are increasingly expensive to maintain, he said.

BIA has a two-stage plan to move TAAMS forward: Consolidate existing trust systems onto a single network and use an online system with rigorous security features.

Meanwhile, despite being disconnected from the Internet, BIA has rebuilt its Web site and hired Syneca Research Group Inc. of Washington to host it.

BIA has spent about $10 million to upgrade its network, and $2 million on the building where the command center is housed, Burns said. About 140 workers, divided almost evenly between federal and contract employees, carry out BIA work at the Northern Virginia location. After several months of planning and construction, BIA activated the center in September.

Burns said BIA has sought to hire vendors owned by American Indians, such as Cherokee Information Services Inc. of Arlington, Va.; Wyandotte NetTel of Wyandotte, Okla.; Integrated Concepts and Research Corp. of Chantilly, Va.; and Syneca.

The bureau's security measures haven't yet convinced the court or the plaintiffs that the trust assets are secure, however.

'As far as security issues, our difficulty is that every time they have been online and tested the systems, it has been demonstrated that they have been able to be breached,' said Keith Harper, a lawyer with the Native American Rights Fund.

'I understand from tribal elders who have visited the facility that it looks good,' Harper said. 'I think that the point is that it has to work to do what it is intended to do. All independent reports say [BIA is] far from reaching the government's own security standards or commercial fiduciary standards.'

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above