IG: Interior faces possible IT security catastrophe

IG: Interior faces possible IT security catastrophe

Some Interior Department systems that house American Indian trust data
are so easy to penetrate, according to the department's inspector
general, that they potentially could cause "severe or catastrophic"

Poor computer security has been a long-running issue in a federal court
case over the government's loss of billions of dollars of assets held in
trust for American Indians.

An Interior spokeswoman said she could not comment on legal issues but
noted that the department has been consistently upgrading its system

Interior has released an extensively redacted version of the 86-page
report. Computer specialists working for the IG pinpointed 24 servers
that hold Indian trust data and said they were able to penetrate two
servers and gain full, undetected access to the Bureau of Land
Management's internal networks and intranet.

The auditors made several systems security recommendations, saying that
if BLM did not adopt them quickly, it should disconnect its systems from
the department's networks.

Scott Miles, a computer security expert Interior hired, earlier this
week testified about poor BLM computer security in the case of Cobell
vs. Interior secretary Gale Norton. Plaintiffs in the 9-year-old lawsuit
contend that the American Indian trust accounts are vulnerable to
external attacks as well as a more serious risk of internal theft.

Miles said he agreed with Dennis M. Gingold, lead attorney for the
plaintiffs, about the severity of the internal threat.

Tina Kreisher, Interior's communications director, said, "The thing to
remember is that we asked the IG to do this study. We are concerned
about IT security. This study was a way of helping to test it. As this
plays out and we discover flaws, we fix them."

The Cobell plaintiffs seek to convince Judge Royce Lamberth of the U.S.
District Court for the District of Columbia that the Interior computers
housing trust data should be disconnected from the Internet or shut down
until the security flaws are repaired. Gingold and other plaintiff
attorneys also contend that the security problems have made it
impossible for Interior to properly account for the trust funds.

The federal government has been managing revenues from American Indian
natural resources such as oil, coal, gas, pipeline rights-of-way and
timber since 1887. The Cobell plaintiffs contend that the federal
government owes the 500,000 trust beneficiaries upward of $100 billion
in restitution for assets stolen or wasted.

Lamberth ordered Interior to disconnect almost all its systems from the
Internet in December 2001 and considered doing so again last year [see
GCN coverage].

Lamberth's first disconnection order also was prompted by the discovery
of system security flaws. In the intervening years, Interior IT
executives have upgraded system security, and Lamberth has progressively
allowed more of the systems to be reconnected.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.