[ISN] IG: Interior faces possible IT security catastrophe
InfoSec News
isn at c4i.org
Thu May 5 05:27:37 EDT 2005
http://www.gcn.com/vol1_no1/daily-updates/35743-1.html
By Wilson P. Dizard III
GCN Staff
05/04/05
Some Interior Department systems that house American Indian trust data
are so easy to penetrate, according to the department's inspector
general, that they potentially could cause "severe or catastrophic"
problems.
Poor computer security has been a long-running issue in a federal
court case over the government's loss of billions of dollars of assets
held in trust for American Indians.
An Interior spokesman said she could not comment on legal issues but
noted that the department has been consistently upgrading its system
security.
Interior has released an extensively redacted version of the 86-page
report. Computer specialists working for the IG pinpointed 24 servers
that hold Indian trust data and said they were able to penetrate two
servers and gain full, undetected access to the Bureau of Land
Management's internal networks and intranet.
The auditors made several systems security recommendations, saying
that if BLM did not adopt them quickly, it should disconnect its
systems from the department's networks.
Scott Miles, a computer security expert Interior hired, earlier this
week testified about poor BLM computer security in the case of Cobell
vs. Interior secretary Gail Norton. Plaintiffs in the 9-year-old
lawsuit contend that the American Indian trust accounts are vulnerable
to external attacks as well as a more serious risk of internal theft.
Miles said he agreed with Dennis M. Gingold, lead attorney for the
plaintiffs, about the severity of the internal threat.
Tina Kreisher, Interior's communications director, said, "The thing to
remember is that we asked the IG to do this study. We are concerned
about IT security. This study was a way of helping to test it. As this
plays out and we discover flaws, we fix them."
The Cobell plaintiffs seek to convince Judge Royce Lamberth of the
U.S. District Court for the District of Columbia that the Interior
computers housing trust data should be disconnected from the Internet
or shut down until the security flaws are repaired. Gingold and other
plaintiff attorneys also contend that the security problems have made
it impossible for Interior to properly account for the trust funds.
The federal government has been managing revenues from American Indian
natural resources such as oil, coal, gas, pipeline rights-of-way and
timber since 1887. The Cobell plaintiffs contend that the federal
government owes the 500,000 trust beneficiaries upward of $100 billion
in restitution for assets stolen or wasted.
Lamberth ordered Interior to disconnect almost all its systems from
the Internet in December 2001 and considered doing so again last year
(see GCN coverage [1]).
Lamberth's first disconnection order also was prompted by the
discovery of system security flaws. In the intervening years, Interior
IT executives have upgraded system security, and Lamberth has
progressively allowed more of the systems to be reconnected.
[1] http://www.gcn.com/23_6/news/25328-1.html
More information about the ISN
mailing list