http://www.nwfusion.com/news/2004/1209doi.html
By John Fontana
Network World Fusion
12/09/04
Three years after a judge's ruling in a class-action lawsuit unplugged
the Department of Interior and its eight agencies from the Internet
for four chaotic months, the department is still fighting to stay
online having averted its third ordered shutdown earlier this month.
Since the chaos of 2001, the DOI has invested millions to improve
computer security, a trend, observers say, is cutting across federal
government.
The latest DOI Internet blackout was avoided when the U.S. Court of
Appeals for the D.C. Circuit ruled on Dec. 3 that U.S. District Judge
Royce Lamberth ignored evidence showing the DOI had addressed his
concerns over computer security. Those concerns are part of an
eight-year-old class action lawsuit, Cobell vs. Norton, over the
mismanagement of Indian trust funds filed by 300,000 Native Americans
against the DOI, which oversees the Bureau of Indian Affairs (BIA).
Lamberth ordered the shutdown in March 2004, which put the DOI offline
for several days before a stay was granted. The Dec. 3 ruling
overturned Lamberth's order.
The Internet shutdowns all started in December 2001, when Lamberth
ruled that the government breached its trust obligations resulting in
accounting errors for some $10 billion owed to Native Americans and he
ordered an overhaul of DOI systems.
The BIA systems were so bad that the DOI could not determine which
systems housed Indian trust data and DOI was ordered to take all eight
agencies offline, bringing four months of chaos that showed just how
entrenched the Internet had become in the day-to-day life of the
government.
Ironically, those hurt worst were Native Americans, who went without
their existing trust payments as systems were hogtied. To this day,
the BIA remains disconnected from the Internet pending a settlement.
But the DOI's other seven agencies are all back up and online,
including the Minerals Management Service, Bureau of Land Management,
the Fish and Wildlife Service, the Office of Surface Mining and the
National Park Service.
And the DOI is busy working on its computer security.
In the past two years, the BIA has allocated more than $50 million to
overhaul its computer systems and network including firewalls and
other security software, according to the DOI, including a new IT
center in suburban Washington, D.C.
Dave Anderson, who took over as head of the BIA earlier this year,
said during a February tour he conducted for tribal leaders that the
facility's network is the "most sophisticated" within the DOI.
"The department has made significant investment in IT security," says
Dan DuBray, acting press secretary for the DOI. "Those investments
have provided multiple hardening of these systems that house Indian
trust data." DuBray says the DOI believes that the data in question is
now among the most secure in the federal government. He declined to
provide details on the security measures deployed.
But experts say the federal government in general is working to harden
its computer systems especially in light of the Federal Information
Security Management Act, which was enacted in 2002 and ties funding
for federal information technology projects to security compliance,
and the Sept. 11 attacks.
"Those agencies involved in national security have spent billions of
dollars with a focus on information security," says Ray Bjorklund,
senior vice president and chief knowledge officer for Federal Sources,
a research firm focused on public sector IT.
"The civil agencies are putting more energy into bolstering
information security. It is hard to put an exact dollar amount on
these things, but they are spending billions of dollars per year on
security."
_________________________________________
Open Source Vulnerability Database (OSVDB) Everything is Vulnerable -
http://www.osvdb.org/
