Service denied

Before Dec. 5, 2001, the National Park Service Web site (www.nps.gov) served 700,000 contacts per day. Since that day, service has been limited to a previously contracted-out campground reservation system. The situation is similar across most Interior Department sites, and external e-mail is dead.

Did a hacker or terrorist cause this denial of service? No, it was federal judge Royce Lamberth, in response to demonstrated security vulnerabilities in the Bureau of Indian Affairs' Web-based trust account information system. The court mandated that any Interior system that could facilitate unauthorized access to individual Indian trusts be taken offline until security is guaranteed. At its worst, the service denial hurts the very plaintiffs the ruling was meant to protect: 40,000 American Indians' monthly land-lease checks have been suspended.

The December ruling reflects years of cybersecurity neglect, as chronicled in a report issued in mid-November by court-appointed Special Master Alan Balaran. This report is the latest of some two dozen evaluations, including recent failing grades from Congressman Stephen Horn (R-Calif.), identifying security flaws in these systems. Last summer, a court-hired security firm, Predictive Systems Inc., easily penetrated the trust account system on its first attempt to test its security. In a later hack, its representatives managed to create and divert funds to a new account.

The department has hired more security help to untangle its web of interconnections, and isolate and secure subsystems in preparation for bringing them back up. Meanwhile, vital systems that support fire safety remain down, thousands of agency employees remain unconnected, and many thousands of citizens and taxpayers remain unserved, nearly two months after the shutdown.

Three important lessons can be drawn from these events. First, we are no longer merely becoming an electronic government — we are one. Although we have not transformed the way government serves the public, we underestimate our critical dependence on technology. The time and opportunities lost are surely valued in millions of dollars, and the loss of faith in the dependability of government to serve citizens around-the-clock is incalculable.

Second, our security threat profile has been altered. Until recently, few realized that a commercial jetliner, a slim letter or a shoe could be a weapon. Similarly, agency lists of information security threats do not generally include the judicial system.

Finally, government cannot afford to overreact to threats by taking down Web sites and denying its own service. As Thomas Jefferson said, "Information is the currency of democracy." Statute and policy still require maximum disclosure of information to the public via electronic means. Security considerations in this area must be balanced, as always, with the needs of a free society.

McConnell, former chief of information policy and technology at the Office of Management and Budget, is president of McConnell International LLC (www.mcconnellinternational.com). Helena Plater-Zyberk contributed to this column.