Interior shuts down BLM Web site

The on-again, off-again story of the Interior Department’s Bureau of Land Management Web site has shifted to off-again this month. Agency officials shut down BLM’s Web site after Interior’s inspector general issued a report warning that the agency’s information technology systems are vulnerable to cyberthreats.

The shutdown is the latest in a long-running dispute over the security of Indian trust fund information.

Bureau officials took the site off-line April 8, two days after the report was released. Investigators found that poor network security and weak access controls “could have easily compromised the confidentiality, integrity and availability of the identified Indian Trust data residing on such systems.”

Justice Department officials have since asked a U.S. district judge for a protective order to guard sensitive IT security information in the report.

A class-action lawsuit filed almost nine years ago criticizes Interior’s oversight of Indian trust funds. Plaintiffs have accused department officials of doing a poor job of protecting data from hackers.

In 2001, U.S. District Judge Royce Lamberth ordered Interior officials to disable Internet connections on all computers that could be used to access trust fund data. He ordered two subsequent shutdowns, although Internet access has returned to the department following a federal appeals court ruling that blocked Lamberth’s latest order.

A representative for the plaintiffs said external forces weighed more heavily than bureau officials are admitting. “Clearly, there was pressure from the court to keep their systems clean,” said Bill McAllister, a spokesman for Elouise Cobell, a member of the Blackfeet tribe in Montana, who, along with her co-plaintiffs, filed the lawsuit against then-Interior Secretary Bruce Babbitt and the government. Secretary Gale Norton inherited the suit.

Following the IG’s report, Cobell filed a motion last week for a restraining order and preliminary injunction to shut down every IT system that houses or accesses individual trust data. The plaintiffs argue that because Interior admits its IT systems are insecure, the systems must be disconnected from the Internet.

Alan Paller, research director at the SANS Institute, said many agencies’ IGs have found substantial vulnerabilities that might allow information to be compromised and it makes sense to address those problems, but the wholesale shutdown can be just as dangerous.

However, Bruce McConnell, president of McConnell International, approved of the shutdown. “BLM did the prudent thing, especially given the history. The public will get better service when the IT community — including industry — gets its act together on security.”