Court orders Interior to disconnect systems from the Internet again

[InfoSec News <isn () c4i org>]

Forwarded from: William Knowles <wk () c4i org>

http://www.gcn.com/vol1_no1/daily-updates/25261-1.html

By Wilson P. Dizard III 
GCN Staff
03/16/04 

The U.S. District Court for the District of Columbia late yesterday 
ordered the Interior Department to sever Internet connections at nine 
agencies, again finding fault with the department's systems security. 

Judge Royce C. Lamberth included this latest disconnection mandate 
in a preliminary injunction order in the case of Cobell v. Norton. 
The decision followed a determination in a linked opinion Lamberth 
issued yesterday that concluded Interior's system security upgrades, 
procedures and plans fail to protect American Indian trust data. 

Interior spokesman Dan Dubray said late yesterday that department 
officials still must review the court's latest order and have no 
comment yet. Meanwhile, senior Interior officials were at a hearing 
yesterday afternoon at the U.S. Court of Appeals for the District of 
Columbia Circuit attempting to get Lamberth removed from the case, 
arguing he is biased, Dubray said. 

Lamberth barred Interior from reconnecting any systems still down
since the court's December 2001 order shuttering virtually all
Interior Internet links (Click for GCN story) [1]. He also
specifically ordered Interior to immediately disconnect Net 
links for systems at:

* Bureau of Indian Affairs 

* Bureau of Land Management 

* Bureau of Reclamation 

* Fish and Wildlife Service 

* Minerals Management Service 

* National Business Center 

* Office of the Inspector General 

* Office of the Special Trustee 

* Office of Surface Mining. 

After providing security assurances and with the approval of the
court, Interior had reconnected many systems belonging to these
agencies. Lamberth's new order applied to all systems at the 
nine bureaus, even those that do not house or access trust data.

The only systems exempted from the order are those essential to 
the protection of life or property. Additionally, the systems 
used by the Geological Survey National Park Service and Office 
of Policy Management Budget can maintain their online links.

The injunction said Interior must submit a plan for reconnecting all
its systems based on a uniform standard for evaluating security and
for using an independent organization to oversee systems security. 
The injunction also calls on the plaintiffs in the case to comment 
on Interior's proposal and for the court to evaluate the plan for 
letting the department reconnect any systems.

The lawsuits underlying the disconnection order concern
multibillion-dollar claims by trust beneficiaries that Interior 
has mismanaged and lost funds held in trust for American Indians. 
The eight-year-old litigation led to a late 2001 finding by court
consultants that anyone could easily hack into the trust accounts 
via the Internet.

[1] http://gcn.com/vol1_no1/daily-updates/24786-1.html

 
*==============================================================*
"Communications without intelligence is noise;  Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
----------------------------------------------------------------
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
================================================================
Help C4I.org with a donation: http://www.c4i.org/contribute.html
*==============================================================*



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.