The order, issued Monday in United States District Court in Washington, is part of a longstanding conflict between Interior officials and Judge Royce Lamberth, who has shown little patience with the agencys attempts to improve the security of its networks. It also highlights the continuing struggle inside the Beltway to improve the security at federal agencies.
Lamberths order requires that the agency shut off the Internet connections of the Office of the Inspector General, the Minerals Management Service, the Bureau of Land Management, the Bureau of Reclamation, the Office of the Special Trustee, Fish and Wildlife, the Office of Indian Affairs, the Office of Surface Mining and the National Business Center. Systems deemed vital for protecting against fires and other emergencies can retain their Internet connectivity, Lamberth wrote in his order.
The dispute goes back to 2000 when it came to light that the Bureau of Indian Affairs, which is responsible for housing data relating to Indian trust funds, "had no security plan for the preservation of the trust data … that BIA has now placed itself in the incredible position that it cannot now create such a plan with its own employees." A Special Master was appointed to assess the agencys security practices, and in 2001 reported that the data relating to individual Indian beneficiaries resides on systems with "no firewalls, no staff currently trained/capable of building and maintaining firewall devices, no hardware/software solution for monitoring network activity."
In response, Lamberth in December 2001 ordered Interior officials to turn off the Internet connections of all of the systems housing the Indian trust data. Last July, a subset of the agencys systems had to be disconnected again, per Lamberths orders.
In Mondays ruling, Lamberth took the agency to task for failing to correct its past problems, using especially harsh language in a number of passages. "Interiors track record on security is poor," he wrote. "There will no doubt be much hand-wringing by Interior over yet another preliminary injunction issued by this Court. But the rantings of plaintiffs and the feigned indignance of Interior aside, there is simply no other alternative. Interior truly brought this on themselves."
Interior officials can petition the court at any point for permission to reconnect the affected systems.
Interior is by no means the only government agency with pressing security issues. Several departments, including Justice, Agriculture and State, received failing grades in December on an annual audit of federal agencies security practices and procedures.
Be sure to add our eWEEK.com security news feed to your RSS newsreader or My Yahoo page: