Court Order Shuts Down Dept. of Interior Web Sites

Computerworld - Data in systems at the U.S. Department of the Interior (DOI) went from being exposed online to being completely cut off from the Internet in a matter of days, as the result of a U.S. District Court order.

Most government agencies have gotten poor grades on their Internet security, which a former DOI CIO said was almost nonexistent at his agency.

In September 2000, a House of Representatives subcommittee gave the DOI and several other agencies a failing grade on security. No agency received better than a "C." But the DOI is the only agency that has been forced off-line.

The DOI was singled out for its poor security because it was in violation of an order issued two years ago by the U.S. District Court for the District of Columbia that required the agency to do a better job of managing the accounts in the Individual Indian Monies Trust.

Judge Royce C. Lamberth, ruling on a class-action lawsuit against the department in 1999, found that there was almost no accounting of the funds the government was supposed to pay and hold in trust in exchange for the use of Indian tribal lands.

Now the plaintiffs, led by Eloise Cobell of the Blackfeet tribe, have obtained a temporary restraining order that keeps trust data shut off from the Internet.

Wide-Reaching Effects

Lamberth ruled Dec. 5 that the DOI must "immediately disconnect from the Internet all computers within the control of the Department of the Interior, its employees and contractors that have access to [Individual Indian Monies Trust] data."

In response, the DOI shut down its entire Web presence, including external e-mail.

"We're trying to utilize fax systems in the interim," DOI spokesman Mark Pfeifle said. He couldn't say how many subordinate agencies were directly connected to the Individual Indian Monies Trust, if any, nor could he say when the DOI would resume full access to the Internet.

"Our ability to conduct a large portion of our daily business has been impacted," said Deputy Secretary of the Interior J. Steven Griles.

By late last week, the agency had been able to put only a few pages from its primary site back on the Internet, and all of its subordinate agencies, except for the U.S. Geological Survey (USGS), remained off-line. The USGS was the only agency within the DOI to go back online early in the week, because it runs critical alert systems for natural disasters and terrorist-related activities over the Internet, according to DOI statements.

Lamberth's ruling came as the result of an investigation by Special Master Alan L. Balaran, who was appointed by the court to investigate security on the DOI's systems. According to court documents, he found that access to most of the DOI's network resources "is protected only by user IDs and passwords. No other access control mechanisms, such as firewalls, VPNs or strong authentication, are implemented."