Court, Justice clash over Interior's system security
- By Wilson P. Dizard III
- Jun 27, 2003
The U.S. District Court for the District of Columbia has lambasted the Justice Department for allegedly putting roadblocks in the way of testing the Interior Department's systems security.
The clash has become part of the case of Cobell et al. v. Norton et al
. The American Indian plaintiffs are suing Interior for tens of billions of dollars in resource royalties and other Indian trust revenues lost through federal mismanagement. (Click for GCN background story)
The court cut off Interior's Internet connections in December 2001, following the discovery that American Indians' trust fund accounts were vulnerable to hacking.
The court has permitted Interior to restore most of its connections after upgrading security, but the Bureau of Indian Affairs is still cut off from the Internet.
Judge Royce C. Lamberth delegated oversight of Interior's efforts to protect American Indian trust data to a court official, Alan Balaran. Balaran in turn hired contractor Security Assurance Group of Annapolis, Md., to perform penetration testing of Interior systems, identify vulnerabilities and review systems security data.
In an exchange of letters and e-mail this month, Justice's Civil Division told Security Assurance Group that it would not provide additional security data or allow penetration testing because Interior had not agreed to what the division called the 'rules of engagement' for the tests.
Justice also said it was considering whether to stop providing security test data to the contractor because of the cost.
Balaran replied that a December 2001 consent order negotiated by Interior with the court after the Internet cutoff did not limit the cost of providing security information to the court.
Balaran also said it was unacceptable for Justice to argue about the rules of engagement. He ordered the Justice and Interior departments to continue supplying the security testing data.