[ISN] Judge orders Interior IT system shutdown

[InfoSec News]

http://www.fcw.com/article91172-10-20-05-Web

By Aliya Sternstein
Oct. 20, 2005 

A judge has ordered the Interior Department to disconnect all 
information technology systems that access Indian trust fund data 
because the systems are vulnerable to hacker attacks.

Today, U.S. District Judge Royce Lamberth granted American Indian 
plaintiffs a motion for a preliminary injunction to shut down all 
computers, networks, handheld computers and voice-over-IP equipment 
that access trust fund data. The injunction prohibits Interior 
employees, contractors, tribes and other third parties from using 
those systems.

Interior's IT security has been the focus of a nine-year class-action 
lawsuit that criticizes the department's oversight of Indian trust 
funds. Plaintiffs have accused Interior officials of failing to 
properly protect data.

Department officials took the Bureau of Land Management's Web sites 
off-line for two months this spring after Interior's inspector general 
issued a report warning that its IT systems are vulnerable to 
cyberattacks.

In 2001, Lamberth ordered Interior to disable Internet connections on 
all computers that employees - and hackers -- could use to access 
trust fund data. He ordered two subsequent shutdowns, although 
Internet access had returned to the department following a federal 
appeals court ruling that blocked the second order.

Most recently, lapses in Interior's oversight allowed government-hired 
hackers to infiltrate the agency's systems, according to a Sept. 6 
memo from Earl Devaney, Interior's IG.

Since November 2004, the IG has been independently testing the 
department's network security. 

Because of "vulnerabilities in several bureaus" [IT] systems, 
[Interior] internal networks, as a whole, are vulnerable to 
unauthorized access," Devaney wrote in his most recent assessment.

Interior's lawyers and IT employees will soon determine the amount of 
equipment and networks that the new order affects.

"We are working with our IT personnel and attorneys to help interpret 
the judge's order and to determine the actions that we need to take to 
comply," Interior spokesman John Wright said. "The impact potentially 
involves approximately 6,000 computers that house individual Indian 
trust data and an undetermined number of other computers that may 
provide indirect access to IT systems that house individual Indian 
trust data."

The shutdown's start date has not been determined, he added. 

Based on an initial review of the order, Interior officials said the 
shutdown will adversely impact Interior programs that benefit American 
Indians and other customers. 

Wright said the order will undermine the agency's ability to 
distribute royalty payments to Indian beneficiaries and the federal 
government. 

The Indian plaintiffs in the case are expected to issue a formal 
statement later today.

The plaintiffs are generally satisfied with today's outcome, said Bill 
McAllister, their spokesman. 

"It seems to follow pretty much what we've requested in the hearing," 
McAllister said. "It supported our contention that the computers were 
unsafe."