IG says Interior lacks control of its Web sites

The Interior Department inspector general is recommending that the department overhaul its Web operations.

Interior needs to 'control the current unmanaged growth of Web sites, reduce security risks, comply with federal guidelines such as those governing privacy and focus on its customers,' according to an IG report (PDF).

The IG recommended that the department redesign its Web sites to focus on customers, enhance security, maintain privacy, reduce duplication and control costs.

The IG report, issued last month, faulted Interior because it lacks a comprehensive inventory of Web sites and other components supporting Interior sites, such as files, subdirectories, operating systems, routers, switches, firewalls and servers.

The audit investigators used a Web crawler to estimate that Interior has about 31,000 sites that account for between 3 million and 5 million pages of information. The report said Interior spends upwards of $220 million annually to maintain its Web presence on about 1,100 domains.

Interior 'has an excessive amount of duplicated, inconsistent, outdated and redundant information on its Web sites,' the report noted. Thousands of sites run by Interior's seven largest bureaus present duplicate information, the IG said.

Interior's Web security problems flow from 'the lack of uniform Web security policies, procedures and controls and the lack of standard configuration management,' the investigators found.

External users easily can identify network devices using network surveying tools, the report said and detailed how the audit team had identified two servers, two e-mail servers, six firewalls and 12 File Transport Protocol servers on three Bureau of Land Management networks.

Despite the criticisms, the report noted some improvements in the department's Web programs, namely, that Interior created an e-government strategy team, built an enterprise architecture and issued Web security policies.

Department officials have not responded to a request for a comment on the IG's findings.


  • automated processes (Nikolay Klimenko/Shutterstock.com)

    How the Army’s DORA bot cuts manual work for contracting professionals

    Thanks to robotic process automation, the time it takes Army contracting professionals to determine whether prospective vendors should receive a contract has been cut from an hour to just five minutes.

  • Russia prying into state, local networks

    A Russian state-sponsored advanced persistent threat actor targeting state, local, territorial and tribal government networks exfiltrated data from at least two victims.

Stay Connected