Taking no chances at Interior

Officials set up a cybersecurity command center

Bureau of Land Management officials have established an Incident Command Center to strengthen the agency's computer systems defenses and restore Internet access.

Senior agency officials cut off BLM's Internet access last month after the Interior Department's inspector general issued a report warning that the agency's computer systems are susceptible to cyberattacks.

The April 8 shutdown, which came two days after the report's release, is the latest blow in a long-running dispute about securing Indian trust fund data stored on departmental computers. Interior's IG found that poor network security and weak access controls could easily compromise "the confidentiality, integrity and availability of the identified Indian trust data residing on such systems."

Similar vulnerabilities are common in government, several security analysts said about BLM's recent problems.

Interior officials released a heavily censored version of the IG's report after a court request in an almost 9-year-old class-action lawsuit that criticizes the department's oversight of Indian trust funds.

The lead attorney for the plaintiffs, who reviewed the full contents of the now-redacted IG report, called the document powerful evidence in his clients' case.

"The IG report on the inadequacy of the security of IT systems administered by BLM. ... demonstrates that the government has willfully exposed trust data to catastrophic degradation, corruption, and loss; has covered-up its ongoing malfeasance; and has lied to both the US District Court and Court of Appeals in that regard," stated Dennis Gingold, counsel for Elouise Cobell, a member of the Blackfeet tribe, one of the plaintiffs in the lawsuit against then-Interior Secretary Bruce Babbitt and the government. Secretary Gale Norton inherited the suit.

In an internal memo to BLM employees last week, Kathleen Clarke, the agency's director, outlined her repair strategy. Clarke told employees that the Incident Command Center will oversee the process of restoring Internet access, but she warned that restoration will take some time. Jim Rolfes, information resource management adviser for communications, will be the center's director.

According to the memo, Internet access, whenever it is restored, will be brought back on a staggered basis. Clarke has asked bureau executives to prioritize the Web sites and information systems under their authority and to recommend which ones should regain Internet connectivity first.

The agency's National Information Resource Management Center staff will be involved in efforts to harden security and move BLM Web sites "into a better-protected environment," Clarke wrote in the memo. "Sites will be independently tested by external experts to confirm and clearly demonstrate that our information is secure."

Several cybersecurity analysts who read the censored version of the IG's report concluded poor vulnerability management and inadequate security training at BLM are to blame for the security weaknesses.

Paul Proctor, vice president of the risk and privacy practice at Gartner, said the IG's report and Clarke's memo to employees set expectations too high. In BLM's case, he said, a federal court must ultimately decide how much security is enough, because 100 percent compliance is impossible to achieve.

Based on the redacted IG's report, Proctor said, security experts tested software patch levels, performed manual exploitations of identified vulnerabilities, inspected BLM's processes, executed social engineering attacks and looked at configurations. "If you take even the most secure organization, and you do this type of analysis, you're going to find a way in," he said.

Security expert Lynn McNulty, director of government affairs at the International Information Systems Security Certification Consortium, said BLM officials may have overreacted to the IG's report. But such a reaction is understandable, he said, given the degree to which agency officials are acting under the court's microscope.

Alan Paller, research director at the SANS Institute, wrote in an e-mail message that system administrators, with better training and repeated configuration testing, will find a solution. "BLM and the department should get kudos for the top management participation and management focus on solving the technical problems," he said.

A strategy to get it right

An Interior Department inspector general's report last month warned that computer systems in the department's Bureau of Land Management are susceptible to cyberattacks. That report prompted senior BLM officials to shut down the agency's Web site for "unanticipated maintenance."

BLM's repair strategy calls for:

  • Creating an Incident Command Center.
  • Moving BLM Web sites to better protected areas.
  • Disconnecting all Indian Trust-related systems from the network.
  • Setting priorities for restoring Internet access.
  • — Aliya Sternstein

    FCW in Print

    In the latest issue: Looking back on three decades of big stories in federal IT.


    • Anne Rung -- Commerce Department Photo

      Exit interview with Anne Rung

      The government's departing top acquisition official said she leaves behind a solid foundation on which to build more effective and efficient federal IT.

    • Charles Phalen

      Administration appoints first head of NBIB

      The National Background Investigations Bureau announced the appointment of its first director as the agency prepares to take over processing government background checks.

    • Sen. James Lankford (R-Okla.)

      Senator: Rigid hiring process pushes millennials from federal work

      Sen. James Lankford (R-Okla.) said agencies are missing out on younger workers because of the government's rigidity, particularly its protracted hiring process.

    • FCW @ 30 GPS

      FCW @ 30

      Since 1987, FCW has covered it all -- the major contracts, the disruptive technologies, the picayune scandals and the many, many people who make federal IT function. Here's a look back at six of the most significant stories.

    • Shutterstock image.

      A 'minibus' appropriations package could be in the cards

      A short-term funding bill is expected by Sept. 30 to keep the federal government operating through early December, but after that the options get more complicated.

    • Defense Secretary Ash Carter speaks at the TechCrunch Disrupt conference in San Francisco

      DOD launches new tech hub in Austin

      The DOD is opening a new Defense Innovation Unit Experimental office in Austin, Texas, while Congress debates legislation that could defund DIUx.

    Reader comments

    Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

    Please type the letters/numbers you see above

    More from 1105 Public Sector Media Group