IG says Interior lacks control of its Web sites

The Interior Department inspector general is recommending that the department overhaul its Web operations.

Interior needs to 'control the current unmanaged growth of Web sites, reduce security risks, comply with federal guidelines such as those governing privacy and focus on its customers,' according to an IG report (PDF).

The IG recommended that the department redesign its Web sites to focus on customers, enhance security, maintain privacy, reduce duplication and control costs.

The IG report, issued last month, faulted Interior because it lacks a comprehensive inventory of Web sites and other components supporting Interior sites, such as files, subdirectories, operating systems, routers, switches, firewalls and servers.

The audit investigators used a Web crawler to estimate that Interior has about 31,000 sites that account for between 3 million and 5 million pages of information. The report said Interior spends upwards of $220 million annually to maintain its Web presence on about 1,100 domains.

Interior 'has an excessive amount of duplicated, inconsistent, outdated and redundant information on its Web sites,' the report noted. Thousands of sites run by Interior's seven largest bureaus present duplicate information, the IG said.

Interior's Web security problems flow from 'the lack of uniform Web security policies, procedures and controls and the lack of standard configuration management,' the investigators found.

External users easily can identify network devices using network surveying tools, the report said and detailed how the audit team had identified two servers, two e-mail servers, six firewalls and 12 File Transport Protocol servers on three Bureau of Land Management networks.

Despite the criticisms, the report noted some improvements in the department's Web programs, namely, that Interior created an e-government strategy team, built an enterprise architecture and issued Web security policies.

Department officials have not responded to a request for a comment on the IG's findings.


  • Records management: Look beyond the NARA mandates

    Records management is about to get harder

    New collaboration technologies ramped up in the wake of the pandemic have introduced some new challenges.

  • puzzled employee (fizkes/Shutterstock.com)

    Phish Scale: Weighing the threat from email scammers

    The National Institute of Standards and Technology’s Phish Scale quantifies characteristics of phishing emails that are likely to trick users.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.