Editorial: Security matters

Imagine doing your job without a connection to the Internet. No e-mail. No Google. No, not even a visit to FCW.com. Part of the Interior Department has been experiencing that restriction for years.

This month, in a significant decision, the U.S. Court of Appeals for the District of Columbia Circuit removed U.S. District Judge Royce Lamberth from a long-standing class-action lawsuit against Interior. American Indians brought the case over land-use rights and payments, and Lamberth has overseen it for about a decade. But the appeals court decided that the judge had overstepped the court’s bounds.

Because the complex case carries with it more than 100 years of historical baggage, it has generated some passionate reactions. But few would have guessed that it would result in at least one part of a government agency being unplugged from the Internet.

One of the central issues is the security of computer systems at Interior’s Bureau of Indian Affairs. Experts have long complained that getting executives and program managers to appreciate the importance of information security is an uphill battle. However, they should have enough examples from the first half of this year to address any lingering doubts.

In recent months, mishaps have run the gamut from lost laptop PCs to lost data stored on portable media drives, from successful hackers to long-running court cases. The incidents have made the problems associated with failing to have a proper security program abundantly clear.

Experts say the best systems include security from the beginning of their development. Given the recent reminders of the vulnerability of government data, it is clear that agencies still have some work to do.