Slashdot Mirror
Judge Disconnects Interior Dept., Again
jeremycec writes "Evidently, nothing's been resolved since 2001, when this
happened the first
time. In these Memorandum
Opinion and Preliminary
Injunction documents from Judge Royce
C. Lamberth of the U.S.
District Court for Washington, D.C., we see how the court
stepped in to pull the plug on a system, which, through its
abject lack of due care,
left someone's important financial information wide open to
attackers. According to the former CIO of the Bureau of
Indian Affairs: 'For all practical purposes, we have no
security, we have no infrastructure, ... Our entire network
has no firewalls on it. I don't like running a network that
can be breached by a high school kid.' So, when the BIA
could get no relief through Interior's IT Dept.,
it went to the courts. Source: Government Computer News "
They should try one of those motherboards with fancy IDE encryption, that'll keep their data safe!
I have over 70 freaks, do you?
So fine, the BIA is allowed to sue the DOI. But who the hell is the DOI, who funds them. Well you and I. If the IT manager of the DOI is an idiot who couldn't care less about Native Americans and their "bureau", the absolute worse thing that can happen is that that person will lose their job (and good luck with that if this person happens to be female or a minority). So what is happening here. WE get to pay for someone dropping the ball. WE get to pay the court costs for BOTH agencies. WE get to pay whatever damages are awarded. In this case lawsuits are worthless (actually worse than worthless as they have negative worth). No messages are sent and in the end the taxpayers lose, and the clients of the BIA lose.
There has to be a lot more to this story. Low priority is one thing. This is right up there with willfully not breathing, or willfully not locking a door.
"Learning is not compulsory... neither is survival."
--Dr.W.Edwards Deming
They should run on FreeLeonardPeltierBSD.
in this day and age, when government spending along with jobless rates are at an all time high, there are government agencies that either don't have or have a badly staffed IT department. Judging from slashdot readership alone, there are many out-of-work geeks that could shore up gov't IT security for next to nothing. Even if it's an all Windows network, it can still be secured for relatively cheap....just hire a kiddie, pay him 30K/year to maintain Microsoft's Software Update Services to automatically download and install critical updates. You certainly don't need MCSE for that!
This comment was randomly generated by a school of piranhas chewing on the PCB of a Microsoft Natural Keyboard.
A similarly incompetent information regime already exists today - the credit reporting agencies. Considering how much private information they store, and how pervasively it's used, I'm amazed at how poor the data quality is. Basically they pushed the data integrity issue off to the consumer, who usually discovers the problem only after getting turned down for a loan....
Stop by my site where I write about ERP systems & more
I feel safer. And the chocolate rations have been increased to 5 units.
That was easy to crack! After about 20 minutes I finally figured out that they have not only the same username as I do but the same password! After that it was so easy it felt like ~...
This is slashdot, after all.
The BIA isn't suing anyone. They're *being* sued.
The case is Cobell v. Norton -- the plaintiffs are Native Americans and Norton being the Interior department, of which BIA is a part. (Side note: Gail Norton has been held in contempt of court at least twice that I know of as part of this case.)
So, what we have here, is a suit by individuals (more or less) against the Interior department.
Yes, WE get to pay for the government's defense, and, when the government loses, the full judgement to the (fully deserving, IMHO) plaintiffs.
Go pursue your anti-governemnt, anti-PC campaign elsewhere: it isn't relevant here.
Lawsuits aren't worthless here, they're pretty much the only lever the endlessly screwed-over Native Americans have against the interior depatment. I'm happy to see them succeeding at it.
...what the hell this article is about?
Bureau of Indian Affairs - are these the people responsible for outsourcing IT jobs to India?
- The government agreed to secure machines that had certain types of sensitive information, and to allow someone to verify that those machines were secure.
- One machine was discovered to be insecure because apparently it WAS in the DMZ for a legitimate use and thus could be portscanned (it was just insecure)
- The people scanning it told the gov't that they were going to do a full penetration scan (so that they didn't get prosecuted), which everybody had agreed to and agreed would be private (i.e. nobody would try to secure the box in advance of the penetration)
- The machine magically vanished off the network right before the penetration scan with a bit of a bogus explaination
- The government and the guy responsible for doing the scans got into a big pissing contest that they refused to settle peacefully.
In other words, it seems like some parts of the government was attempting to do the right thing here, but some other parts got seriously upset when they discovered that the Special Master (the guy responsible for verifying compliance that the machines were actually secure) was actually doing his job and not just taking their word that they hadn't leaked information about the machine that was going to be penetrated, fearing the consequences.Quite frankly, I'm a little confused as to why the government had to allow a full exploit to take place rather than accepting the warning of "this machine is insecure, secure it now," except that maybe it's with an eye towards preparing for the day when the courts aren't constantly portscanning them.