Court, Justice clash over Interior's system security

The U.S. District Court for the District of Columbia has lambasted the Justice Department for allegedly putting roadblocks in the way of testing the Interior Department's systems security.

The clash has become part of the case of Cobell et al. v. Norton et al. The American Indian plaintiffs are suing Interior for tens of billions of dollars in resource royalties and other Indian trust revenues lost through federal mismanagement. (Click for GCN background story)

The court cut off Interior's Internet connections in December 2001, following the discovery that American Indians' trust fund accounts were vulnerable to hacking.

The court has permitted Interior to restore most of its connections after upgrading security, but the Bureau of Indian Affairs is still cut off from the Internet.

Judge Royce C. Lamberth delegated oversight of Interior's efforts to protect American Indian trust data to a court official, Alan Balaran. Balaran in turn hired contractor Security Assurance Group of Annapolis, Md., to perform penetration testing of Interior systems, identify vulnerabilities and review systems security data.

In an exchange of letters and e-mail this month, Justice's Civil Division told Security Assurance Group that it would not provide additional security data or allow penetration testing because Interior had not agreed to what the division called the 'rules of engagement' for the tests.

Justice also said it was considering whether to stop providing security test data to the contractor because of the cost.

Balaran replied that a December 2001 consent order negotiated by Interior with the court after the Internet cutoff did not limit the cost of providing security information to the court.

Balaran also said it was unacceptable for Justice to argue about the rules of engagement. He ordered the Justice and Interior departments to continue supplying the security testing data.


  • Records management: Look beyond the NARA mandates

    Records management is about to get harder

    New collaboration technologies ramped up in the wake of the pandemic have introduced some new challenges.

  • puzzled employee (fizkes/

    Phish Scale: Weighing the threat from email scammers

    The National Institute of Standards and Technology’s Phish Scale quantifies characteristics of phishing emails that are likely to trick users.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.