http://www.fcw.com/article91172-10-20-05-Web
By Aliya Sternstein
Oct. 20, 2005
A judge has ordered the Interior Department to disconnect all
information technology systems that access Indian trust fund data
because the systems are vulnerable to hacker attacks.
Today, U.S. District Judge Royce Lamberth granted American Indian
plaintiffs a motion for a preliminary injunction to shut down all
computers, networks, handheld computers and voice-over-IP equipment
that access trust fund data. The injunction prohibits Interior
employees, contractors, tribes and other third parties from using
those systems.
Interior's IT security has been the focus of a nine-year class-action
lawsuit that criticizes the department's oversight of Indian trust
funds. Plaintiffs have accused Interior officials of failing to
properly protect data.
Department officials took the Bureau of Land Management's Web sites
off-line for two months this spring after Interior's inspector general
issued a report warning that its IT systems are vulnerable to
cyberattacks.
In 2001, Lamberth ordered Interior to disable Internet connections on
all computers that employees - and hackers -- could use to access
trust fund data. He ordered two subsequent shutdowns, although
Internet access had returned to the department following a federal
appeals court ruling that blocked the second order.
Most recently, lapses in Interior's oversight allowed government-hired
hackers to infiltrate the agency's systems, according to a Sept. 6
memo from Earl Devaney, Interior's IG.
Since November 2004, the IG has been independently testing the
department's network security.
Because of "vulnerabilities in several bureaus" [IT] systems,
[Interior] internal networks, as a whole, are vulnerable to
unauthorized access," Devaney wrote in his most recent assessment.
Interior's lawyers and IT employees will soon determine the amount of
equipment and networks that the new order affects.
"We are working with our IT personnel and attorneys to help interpret
the judge's order and to determine the actions that we need to take to
comply," Interior spokesman John Wright said. "The impact potentially
involves approximately 6,000 computers that house individual Indian
trust data and an undetermined number of other computers that may
provide indirect access to IT systems that house individual Indian
trust data."
The shutdown's start date has not been determined, he added.
Based on an initial review of the order, Interior officials said the
shutdown will adversely impact Interior programs that benefit American
Indians and other customers.
Wright said the order will undermine the agency's ability to
distribute royalty payments to Indian beneficiaries and the federal
government.
The Indian plaintiffs in the case are expected to issue a formal
statement later today.
The plaintiffs are generally satisfied with today's outcome, said Bill
McAllister, their spokesman.
"It seems to follow pretty much what we've requested in the hearing,"
McAllister said. "It supported our contention that the computers were
unsafe."
_________________________________________
InfoSec News v2.0 - Coming Soon!
http://www.infosecnews.org
