[ISN] Interior to use wireless despite Internet court battle
isn at c4i.org
Tue May 24 04:55:06 EDT 2005
By Aliya Sternstein
May 23, 2005
Lawyers representing a group of American Indians suing the Interior
Department say wireless Internet service could grant unauthorized
access to Indian trust fund account information. But Interior plans to
issue a solicitation notice for departmentwide wireless service soon.
Interior lawyers are reviewing the final version of the notice and
would not comment on its contents.
Last Tuesday, lawyers gave a federal judge a report published in
December by Interior's inspector general on wireless management and
security. It details how easily hackers could manipulate trust
accounts held by 500,000 American Indians.
Between October 2003 and April 2004, inspectors found that Interior
networks sometimes intersected with other networks and broadcasted
information to inappropriate areas and people.
Last month, Interior shut down the Bureau of Land Management's Web
site after the IG issued a report warning that its information
technology systems were vulnerable to cyberthreats. The shutdown was
the latest in a long-running dispute about the security of Indian
trust fund information.
December's report notes that at the BLM Boise, Idaho, District Office,
a wireless network that was supposed to bridge the district office
directly to a building about a mile away, broadcasting the network
signal to everyone within a mile radius. Inspectors observed that more
than 3,000 other commercial and residential wireless networks occupied
Other instances of BLM sloppiness appear throughout the IG's report.
"We observed approximately 148 users connecting to [a BLM] wireless
network during non-business hours; however, BLM indicated that there
were only about 10 authorized users," the report states.
The report adds that officials may have alleviated some security
concerns by issuing the April 2004 memo that required insecure
Interior agencies to disconnect their wireless networks.
But the IG report states that the memo is "silent on how DOI should
handle what may be the inevitable use of wireless technology in the
Interior officials have not disclosed information about the new
wireless initiative because of the current litigation and bidding
Interior spokespersons released a statement. "To understand our
position regarding the commercial wireless [cellular] services program
under DOI's Wireless initiative, the Office of the Chief Information
Officer and the Office of Acquisition and Property Management offices
partnered. Significant progress has been made, and a solicitation will
soon be issued. This partnership is the department's direct response
to the March 2004 GAO Report Agencies Can Achieve Significant Savings
on Purchase Card Buys."
The project's synopsis states that Interior must establish an
enterprisewide contract vehicle to acquire cost-effective nationwide
commercial wireless services, coverage and management. The notice
pertains to commercial mobile wireless services.
The IG report warns that the agency must take steps to improve
security of wireless services. The report found, for example, that the
wireless signals are available after business hours and are also
identifiable. Inspectors quickly recognized that a wireless network
was BLM's because it broadcast a unique network name.
"Additionally, we found at one BLM and one [Fish and Wildlife Service]
location that wireless networks remained in operation during
non-business hours," the report stated "This, in conjunction with the
networks broadcasting unique identifying information that is easily
identifiable to DOI, accelerates a hacker's ability to compromise DOI
At a Bureau of Reclamation facility, inspectors identified wireless
signals in three parking lots outside the network's perimeter.
In addition, Interior could not account for all wireless network
devices. Specifically, six network access points at two BLM locations,
were not inventoried.
An earlier court order disconnected the Bureau of Indian Affairs from
the Internet, but the IG report found that contractors at a BIA office
used non-Interior laptops that had wireless capabilities.
Wireless-enabled laptops could be connected to Interior's wired
networks and expose those networks and data to unauthorized users, the
More information about the ISN