[ISN] DOI averts online shutdown

[InfoSec News]

http://www.nwfusion.com/news/2004/1209doi.html

By John Fontana
Network World Fusion
12/09/04

Three years after a judge's ruling in a class-action lawsuit unplugged 
the Department of Interior and its eight agencies from the Internet 
for four chaotic months, the department is still fighting to stay 
online having averted its third ordered shutdown earlier this month. 

Since the chaos of 2001, the DOI has invested millions to improve 
computer security, a trend, observers say, is cutting across federal 
government. 

The latest DOI Internet blackout was avoided when the U.S. Court of 
Appeals for the D.C. Circuit ruled on Dec. 3 that U.S. District Judge 
Royce Lamberth ignored evidence showing the DOI had addressed his 
concerns over computer security. Those concerns are part of an 
eight-year-old class action lawsuit, Cobell vs. Norton, over the 
mismanagement of Indian trust funds filed by 300,000 Native Americans 
against the DOI, which oversees the Bureau of Indian Affairs (BIA). 

Lamberth ordered the shutdown in March 2004, which put the DOI offline 
for several days before a stay was granted. The Dec. 3 ruling 
overturned Lamberth's order. 

The Internet shutdowns all started in December 2001, when Lamberth 
ruled that the government breached its trust obligations resulting in 
accounting errors for some $10 billion owed to Native Americans and he 
ordered an overhaul of DOI systems. 

The BIA systems were so bad that the DOI could not determine which 
systems housed Indian trust data and DOI was ordered to take all eight 
agencies offline, bringing four months of chaos that showed just how 
entrenched the Internet had become in the day-to-day life of the 
government. 

Ironically, those hurt worst were Native Americans, who went without 
their existing trust payments as systems were hogtied. To this day, 
the BIA remains disconnected from the Internet pending a settlement. 

But the DOI's other seven agencies are all back up and online, 
including the Minerals Management Service, Bureau of Land Management, 
the Fish and Wildlife Service, the Office of Surface Mining and the 
National Park Service. 

And the DOI is busy working on its computer security.  

In the past two years, the BIA has allocated more than $50 million to 
overhaul its computer systems and network including firewalls and 
other security software, according to the DOI, including a new IT 
center in suburban Washington, D.C. 

Dave Anderson, who took over as head of the BIA earlier this year, 
said during a February tour he conducted for tribal leaders that the 
facility's network is the "most sophisticated" within the DOI. 

"The department has made significant investment in IT security," says 
Dan DuBray, acting press secretary for the DOI. "Those investments 
have provided multiple hardening of these systems that house Indian 
trust data." DuBray says the DOI believes that the data in question is 
now among the most secure in the federal government. He declined to 
provide details on the security measures deployed. 

But experts say the federal government in general is working to harden 
its computer systems especially in light of the Federal Information 
Security Management Act, which was enacted in 2002 and ties funding 
for federal information technology projects to security compliance, 
and the Sept. 11 attacks. 

"Those agencies involved in national security have spent billions of 
dollars with a focus on information security," says Ray Bjorklund, 
senior vice president and chief knowledge officer for Federal Sources, 
a research firm focused on public sector IT.
 
"The civil agencies are putting more energy into bolstering 
information security. It is hard to put an exact dollar amount on 
these things, but they are spending billions of dollars per year on 
security."