[ISN] Court orders Interior to disconnect systems from the Internet again

From: InfoSec News (isn@private)
Date: Tue Mar 16 2004 - 23:38:26 PST

  • Next message: InfoSec News: "[ISN] Security: getting the facts about cybergeddon"

    Forwarded from: William Knowles <wk@private>
    
    http://www.gcn.com/vol1_no1/daily-updates/25261-1.html
    
    By Wilson P. Dizard III 
    GCN Staff
    03/16/04 
    
    The U.S. District Court for the District of Columbia late yesterday 
    ordered the Interior Department to sever Internet connections at nine 
    agencies, again finding fault with the department's systems security. 
    
    Judge Royce C. Lamberth included this latest disconnection mandate 
    in a preliminary injunction order in the case of Cobell v. Norton. 
    The decision followed a determination in a linked opinion Lamberth 
    issued yesterday that concluded Interior's system security upgrades, 
    procedures and plans fail to protect American Indian trust data. 
    
    Interior spokesman Dan Dubray said late yesterday that department 
    officials still must review the court's latest order and have no 
    comment yet. Meanwhile, senior Interior officials were at a hearing 
    yesterday afternoon at the U.S. Court of Appeals for the District of 
    Columbia Circuit attempting to get Lamberth removed from the case, 
    arguing he is biased, Dubray said. 
    
    Lamberth barred Interior from reconnecting any systems still down
    since the court's December 2001 order shuttering virtually all
    Interior Internet links (Click for GCN story) [1]. He also
    specifically ordered Interior to immediately disconnect Net 
    links for systems at:
    
    * Bureau of Indian Affairs 
    
    * Bureau of Land Management 
    
    * Bureau of Reclamation 
    
    * Fish and Wildlife Service 
    
    * Minerals Management Service 
    
    * National Business Center 
    
    * Office of the Inspector General 
    
    * Office of the Special Trustee 
    
    * Office of Surface Mining. 
    
    After providing security assurances and with the approval of the
    court, Interior had reconnected many systems belonging to these
    agencies. Lamberth's new order applied to all systems at the 
    nine bureaus, even those that do not house or access trust data.
    
    The only systems exempted from the order are those essential to 
    the protection of life or property. Additionally, the systems 
    used by the Geological Survey National Park Service and Office 
    of Policy Management Budget can maintain their online links.
    
    The injunction said Interior must submit a plan for reconnecting all
    its systems based on a uniform standard for evaluating security and
    for using an independent organization to oversee systems security. 
    The injunction also calls on the plaintiffs in the case to comment 
    on Interior's proposal and for the court to evaluate the plan for 
    letting the department reconnect any systems.
    
    The lawsuits underlying the disconnection order concern
    multibillion-dollar claims by trust beneficiaries that Interior 
    has mismanaged and lost funds held in trust for American Indians. 
    The eight-year-old litigation led to a late 2001 finding by court
    consultants that anyone could easily hack into the trust accounts 
    via the Internet.
    
    [1] http://gcn.com/vol1_no1/daily-updates/24786-1.html
    
     
    *==============================================================*
    "Communications without intelligence is noise;  Intelligence
    without communications is irrelevant." Gen Alfred. M. Gray, USMC
    ----------------------------------------------------------------
    C4I.org - Computer Security, & Intelligence - http://www.c4i.org
    ================================================================
    Help C4I.org with a donation: http://www.c4i.org/contribute.html
    *==============================================================*
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomo@private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Wed Mar 17 2004 - 02:22:48 PST