News > DOI fares poorly on computer security report card

Indianz.Com. In Print.
URL: http://www.indianz.com/News/archives/002957.asp

DOI fares poorly on computer security report card
Thursday, December 11, 2003

For the fourth year in a row, the Department of Interior has been given an 'F' for computer security, one of the worst grades in all of federal government.

In their annual Federal Computer Security Report Card on Tuesday, lawmakers on the House Committee on Government Reform evaluated computer security measures at 24 agencies. They assigned letter grades and numeric scores based on how well each implemented and planned for the protection of critical information.

Based on Interior's score of 43, the department is one of the lowest-performing. Only four other agencies -- Agriculture (40), Homeland Security (35), Housing and Urban Development (40) and State (39.5) -- fared worse.

In court papers filed yesterday with the federal judge overseeing the Indian trust fund case, government attorneys pointed out that the department's score was as an improvement from 2002. It was. Last year, the lawmakers gave Interior a 37.

But the department is one of the few agencies whose progress has actually declined since the report card was first issued in 2000. Interior's score in that year was a dismal 17, the lowest of all agencies. The following year, the score jumped to 48.

The failing assessment reflects some of the major problems Interior has had in recent years. Even though the department, as a trustee, is responsible for the accurate collection and distribution of billions of dollars in Indian funds, information technology officials never put in security measures.

The weaknesses left Indian money prone to computer hacking. In the summer of 2001, security experts hired by a court investigator in the Cobell trust fund lawsuit were able to do just that. Without detection, a firm from New York broke into several computer systems that contain leasing, title, payment and other Indian trust data.

A Bureau of Indian Affairs subordinate in charge of the agency's computer network in suburban Washington, D.C., downplayed the attacks at the time. Top officials believed everything was fine and did nothing to change the situation.

But in November 2001, special master Alan Balaran released a detailed report on the security failings. The experts, he wrote, were able to breach the BIA and Interior network through an ordinary public Internet connection.

Those findings prompted U.S. District Judge Royce Lamberth, two years ago this week, to order Interior to disconnect the Internet connections of systems that house or have access to Indian trust data. Government officials responded by pulling the plug on every single computer -- including those that distribute payments to Indian and tribal beneficiaries.

The action left many without money for the holiday season. "[Secretary] Gale Norton is the Grinch who stole Christmas," a tribal leader said at the time.

Thanks to the addition of network firewalls and other measures, the systems have been restarted but they have not been reconnected ot the Internet. Neither have tens of thousands of computers used by BIA employees to carry out their jobs. According to a September 8, 2003, report Norton sent to the White House Office of Management and Budget, the department doesn't "have the necessary security capabilities to facilitate more open access via the Internet."

Despite Interior's woes, the agency is in comparable company. The overall grade for all 24 agencies on the report card was a 'D'.

"We must come to the stark realization that a major Achilles heel is our computer networks," said Rep. Adam Putnam (R-Fla), the chairman of the Government Reform subcommittee that compiles the report card. "Unfortunately, the history of our nation -- in heeding warnings of imminent danger -- doesn't lend itself to very much optimism."

The 2004 budget that was just signed into law contains major boosts for information technology at the BIA and throughout Interior. Indian programs were subject to an across-the-board cut to provide this money.

Get the Report Card:
2003 Federal Computer Security Report Card (December 9, 2003)

From the Indianz.Com Archive:
Report reveals attacks on tribal, Indian trust (12/5)
No Trust: Hacking the Department of Interior (12/5)
DOI Shutdown: 'We're Hurting Tribes' (12/7)
From the top, a gamble in trust (12/7)

Relevant Links:
Indian Trust: Cobell v. Norton - http://www.indiantrust.com
Cobell v. Norton, Department of Justice - http://www.usdoj.gov/civil/cases/cobell/index.htm
Indian Trust, Department of Interior - http://www.doi.gov/indiantrust