Interior report at odds with court testimony

Interior secretary Gale Norton told the Office of Management and Budget this month that the department's financial systems are riddled with security weaknesses, even though she had told the U.S. District Court for the District of Columbia that they were secure.

Norton's statements to OMB in the department's Financial Management Report and Strategic Plan for fiscal 2004 through fiscal 2008 came to light in a Sept. 17 filing by the plaintiffs in Cobell v. Norton. The seven-year-old litigation over Interior's mismanagement of American Indian trust funds hinges in large part on whether the department has secured its systems from hacking.

Several Interior systems remain disconnected from the Internet because of court orders issued in the case.

Norton wrote to OMB on Sept. 8 that 'the department has not established access controls that limit or detect inappropriate access to information technology systems and related resources, thereby increasing the risk of unauthorized modification, loss, or disclosure of sensitive or confidential data.'

Interior reported to OMB that the trust fund data is 'unreliable, inaccurate and inconsistent, and trust systems have been inadequate to comprehensively process trust data and support investment activities,' according to the plaintiffs' filing.

Norton made a contrary statement in an Aug. 11 court filing, saying Interior's 'IT systems are secure, for purposes of Internet connectivity ... and sufficient security measures are presently in place to protect from unauthorized Internet access.'

Last week, Interior spokesman Dan Dubray said he could not comment on the plaintiffs' Sept. 17 filing because he had not reviewed it.

Interior told the court Aug. 27 that it would justify the reconnection of its systems to the Internet by providing summaries of its security testing.

The court first ordered Interior to sever its Internet connections in December 2001 after court contractors proved that trust accounts could be hacked. This past July, the court issued a new cutoff order and told Interior to explain why it has reconnected most of its systems to the Internet.

Interior responded with a plan under which it would provide security details including network maps, comparison with a list of the top 20 vulnerabilities of computer systems, a vulnerability assessment and penetration testing.


  • business meeting (Monkey Business Images/

    Civic tech volunteers help states with legacy systems

    As COVID-19 exposed vulnerabilities in state and local government IT systems, the newly formed U.S. Digital Response stepped in to help. Its successes offer insight into existing barriers and the future of the civic tech movement.

  • data analytics (

    More visible data helps drive DOD decision-making

    CDOs in the Defense Department are opening up their data to take advantage of artificial intelligence and machine learning tools that help surface insights and improve decision-making.

Stay Connected