http://www.gcn.com/vol1_no1/daily-updates/35743-1.html By Wilson P. Dizard III GCN Staff 05/04/05 Some Interior Department systems that house American Indian trust data are so easy to penetrate, according to the department's inspector general, that they potentially could cause "severe or catastrophic" problems. Poor computer security has been a long-running issue in a federal court case over the government's loss of billions of dollars of assets held in trust for American Indians. An Interior spokesman said she could not comment on legal issues but noted that the department has been consistently upgrading its system security. Interior has released an extensively redacted version of the 86-page report. Computer specialists working for the IG pinpointed 24 servers that hold Indian trust data and said they were able to penetrate two servers and gain full, undetected access to the Bureau of Land Management's internal networks and intranet. The auditors made several systems security recommendations, saying that if BLM did not adopt them quickly, it should disconnect its systems from the department's networks. Scott Miles, a computer security expert Interior hired, earlier this week testified about poor BLM computer security in the case of Cobell vs. Interior secretary Gail Norton. Plaintiffs in the 9-year-old lawsuit contend that the American Indian trust accounts are vulnerable to external attacks as well as a more serious risk of internal theft. Miles said he agreed with Dennis M. Gingold, lead attorney for the plaintiffs, about the severity of the internal threat. Tina Kreisher, Interior's communications director, said, "The thing to remember is that we asked the IG to do this study. We are concerned about IT security. This study was a way of helping to test it. As this plays out and we discover flaws, we fix them." The Cobell plaintiffs seek to convince Judge Royce Lamberth of the U.S. District Court for the District of Columbia that the Interior computers housing trust data should be disconnected from the Internet or shut down until the security flaws are repaired. Gingold and other plaintiff attorneys also contend that the security problems have made it impossible for Interior to properly account for the trust funds. The federal government has been managing revenues from American Indian natural resources such as oil, coal, gas, pipeline rights-of-way and timber since 1887. The Cobell plaintiffs contend that the federal government owes the 500,000 trust beneficiaries upward of $100 billion in restitution for assets stolen or wasted. Lamberth ordered Interior to disconnect almost all its systems from the Internet in December 2001 and considered doing so again last year (see GCN coverage [1]). Lamberth's first disconnection order also was prompted by the discovery of system security flaws. In the intervening years, Interior IT executives have upgraded system security, and Lamberth has progressively allowed more of the systems to be reconnected. [1] http://www.gcn.com/23_6/news/25328-1.html _________________________________________ InfoSec News v2.0 - Coming Soon! http://www.infosecnews.org
This archive was generated by hypermail 2.1.3 : Thu May 05 2005 - 05:07:36 PDT