Sections of the U.S. Department of the Interior were taken offline yesterday following a scathing criticism of the department's IT security.
The department has been criticised in the past, scoring an F on the latest government-wide report card which highlighted the poor state of security in many departments (see SC Magazine, February 2004).
And this is not the first time the Department of the Interior has faced action. In 2001 systems were taken offline after an investigator demonstrated simple attacks against data relating to royalty payments to Native American communities.
U.S. District Court Judge Royce Lamberth issued a stinging criticism of the department. "There will no doubt be much hand-wringing by Interior over yet another preliminary injunction issued by this Court. But the rantings of plaintiffs and the feigned indignance of Interior aside, there is simply no other alternative. Interior truly brought this on themselves," the judge said, ordering all computer systems offline except for emergency services, and certain agencies with no connection to vulnerable systems.
The department confirmed that services were offline, and employees unable to access the internet or send email. "We are working closely with the Department of Justice to quickly respond to this order in the appropriate legal venue," the department said in a statement.
Judge Lamberth has demanded an independent review and monthly monitoring of the DoI's security before lifting the order.