<< COB00001 >>
[N THE UNITED STATES DISTRICT COURT
FOR THE DISTRICT OF COLUMBIA
ELGUISE PEPION COBELL et a!
		)
	Plaintiffs,	)
		)
	v.	)	CaseNo. l:96CV01285
)	(Judge Lamberth)
GALE A. NORTON, Secretary of the Interior, et al.,)
		)
	Defendants.	)
NOTICE OF ACTIONS TAKEN BY TilE DEPARTMENT OF THE INTERIOR TO
COMPLY WITH DECEMBER 5,2001 TEMPORARY RESTRAINING ORDER
	On December 5, 2001, the Court entered a Temporary Restraining Ordcr, as amended on
December 6, 2001, requiring the Department of the Interior ("Interior") to "immediately
disconnect from the Internet all information technology systems that house or provide access to
individual Indian trust data" and to "immediately disconnect from the Internet all computers
within the custody and control of the Department of the Interior, its employees and contractors,
that have access to individual Indian trust data." In carrying out the terms of that Order, Interior
has applied the following definitions:
Information technology .~ystem- Any equipment or interconnected system or
subsystem of equipment, that is used in the automatic acquisition, storage,
manipulation, management, movement, control, display, switching, interchange,
transmission, or reception of data or information, including computers, ancillary
equipment, software, firmware and similar procedures, services (including support
services), and related resources. (Source: ITMRA 5002(3)).
Individual Indian trust data- information in a digital format, stored in a computer
or other electronic information retrieval system that is a Federal Record as defined
in 44 U.S.C. § 3301 and that evidences the existence of individual Indian trust
I
<< COB00002 >>
assets (e.g., as derived from ownership data, trust patents, plot descriptions,
surveys, jacket files, statement of accounts), the collection of income from
individual Indian trust assets (e.g., as derived from deposit tickets, journal
vouchers, schedule of collections), use or management of individual Indian trust
assets (e.g., as derived from leases, sales, rights-of-way, investment reports,
production reports, sales contracts), or the disbursement of individual Indian trust
assets (e.g., as derived from transaction ledgers, check registers, transaction
registers, or lists of canceled or undelivered checks).
Individual Indian trust assets- Lands, natural resources, monies, or other assets
held by the Federal government in trust or that are restricted against alienation for
individual Indians.
House- The storage of data such that the data is retrievable by electronic means.
Access- The ability to gain electronic entry into systems, networks, personal
computers, or application service providers;
	Interior has taken efforts to ensure that it is in compliance with the Court's Temporary
Restraining Order. Those efforts include:
On December 5, 2001, Interior verbally directed its senior management officials to
disconnect their systems from the Internet. See Ex. A (Meeting Notes of Sue
Ellen Woolridge from December 5, 2001); Ex. B.
2.	The Assistant Secretary — Indian Affairs ordered all regional directors and central
office directors to "immediately disconnect/unplug all non-BIA network
connections to the Internet." See Ex. C.
3.	In the morning through early afternoon of December 6, 2001, Interior received
responses on actions taken to comply with the order to disconnect from the
Internet from the following agencies: NBC Denver, NBC XVashington, Alaska
ARTNET2, Inspector General, Solicitor, Office of Special Trustee for American
2
<< COB00003 >>
Indians, Office of Historical Trust Accounting, National Park Servicc, Fish and
Wildlife Service, Bureau of Indian Affairs, Bureau of Land Management, Minerals
Management Service, Office of Surface Mining, U.S. Geological Survey, Bureau
of Reclamation, Office of Hearing and Appeals. $~ Ex. D.
4.	Employees were also instructed to disconnect modems from PCs connected to the
BIANet See. e.g., Ex. E.
S.	On December 7, 2001, Interior Chief Information Officer Daryl White wrote a
memorandum to Associate Deputy Secretary James Cason stating that he had
discussed in a meeting with Bureau or Office chief information officers, their
deputies, or technology chiefs their compliance with the Temporary Restraining
Order, and that he told the attendees that "[ijf I don't hear differently, I assume
you disconnected from the Internet. Further, you are directed to remain
disconnected until further notice." He reported that there was no disagreement.
See Ex. F.
	Beyond those steps required by the Temporary Restraining Order, Interior has taken
additiona] action to address the deficiencies in its trust-related information technology systems.
To provide additional security for individual Indian trust data in the short-term, Interior had
previously entered into a contract with Predictive Systems, Inc. to install firewalls, intrusion
detection systems, and near real-time monitoring at three Office of Information Resource
Management facilities. A copy of this contract has previously been filed with the Court. Interior
expects this installation to be complete by January 31, 2002.
	Because each information techno]ogy system provides important or critical services for
3
<< COB00004 >>
individual Indians, Interior would like to re-establish system operations once it can provide
reasonable protection for the individual Indian trust data. Interior has filed a proposed consent
order that would permit it to reconnect to the Internet any information technology system that no
longer houses individual Indian trust data and that does not provide access to individual Indian
trust data. In addition, Interior also sought permission to reconnect to the Internet any
information technology system that houses individual Indian trust data if the external
communications system is designed to deny access to the data and identifies unauthorized
attempts to access the data (e.g., if it has a firewall, is subject to intrusion detection, and if system
activity logs are available and routinely reviewed). For each information technology system that
does not fit into either of these categories, Interior, in consultation with external experts,
developed the following criteria that must be met before that system would be reconnected to the
Internet:
I.	Interior has implemented ingress and egress filtering on all internetwork
connection routers bordering that system to prevent unauthorized access to the
system;
2.	Interior has first disabled all user IDs and then enabled only those IDs for users for
whom the responsible program official has (1) verified the need of the user to
access the system; and (2) issued a new, alphanumeric password to the verified
user;
3.	Interior has required all users to use complex (at least alphanumeric) passwords of
at least 6 characters. Interior will communicate this requirement to users through
written memoranda and oral communication at the time of user ID reactivation;
4.	Interior has trained personnel who will examine system and router logs daily to
identify malicious system activity; and
5.	Interior has delivered to the Special Master: (1) router configuration text files
showing the implementation of ingress and egress filtering technology, (2)
certifications from the relevant responsible program officials for the management
4
<< COB00005 >>
of user IDs; (3) a computer program used to generate complex passwords, and a
copy of the written memorandum and help desk oral script used to communicate
new password policy to users; and (4) the identification of the trained personnel
who will examine the system and router logs and a description of the mechanism
by which they will monitor the logs.
	Interior recognizes that, although these short-term steps will increase security for its
individual Indian trust data located in the systems in this last category, more needs to be done to
rectify the deficiencies identified in the Special Master's November 14, 2001 Report and
Recommendation. After each system is brought on-line, Interior intends to task a qualified
independent contractor to perform on each system as it is brought on-line an evaluation of the
requirements to bring that system into compliance with 0MB Circular A-130. Interior contracted
with Science Applications International Corporation ("SAIC"), a leading information technology
consulting firm, "to begin services to design, implement and manage an information assurance
infrastructure and information security management program" with respect to Interior's
information technology systems. See Ex. G. Within one month of receiving the independent
contractor's evaluation, Interior will file with the Court a long-term security action plan to bring
each system into compliance with OlvIB Circular A- 130.
	Upon completion of one or more long-term security action plans, Interior plans to seek
from a recognized accreditation entity, independent accreditations of the covered systems as
compliant with 0MB Circular A-130. If the independent accreditation entity accredits the
covered information technology system, Interior proposes to request that the Court's oversight of
that system would end. If' the independent accreditation entity were to decline to accredit the
covered information technology system, Interior would produce and implement an action plan to
correct any identified deficiencies.
5
<< COB00006 >>
Respectfully submitted,
ROBERT D. McCALLUM, JR
Assistant Attorney General
STUART E. SCHIFFER
Deputy Assistant Attorney General
J.	CHRISTOPHER KOHN
Director
~
SANDRA P SPO(5NER
Deputy Director
JOHN T. STEMPLEWJCZ
Senior Trial Attorney
MATTHEW J. FADER
Trial Attorney
Commercial Litigation Branch
Civil Division
P.O. Box 875
Ben Franklin Station
Washington, D.C. 20044-0875
(202) 514-7194
OF COUNSEL:
Sabrina A. McCarthy
Department of the Interior
Office of the Solicitor
6
<< COB00007 >>
CERTIFICATE OF SERVICE
I declare under penalty of perjury that, on December 7, 2001, I served the foregoing
Notice of Actions Taken by the Department of Interior to Comply With December 5, 2001
Temporary Restraining Order, by facsimile only, in accordance with their written request of
October 31, 2001, upon:
Keith Harper, Esq.	Dennis M Gingold, Esq.
Lorna Bahby, Esq.	Mark Brown, Esq.
Native American Rights Fund	1275 Pennsylvania Avenue, N.W.
1712 N Street, NW	Ninth Floor
Washington, D.C. 20036-2976	Washington, D.C. 20004
202-822-0068	202-318-2372
by facsimile and by U.S. mail upon:
Alan L. Balaran, Esq.
Special Master
1717 Pennsylvania Ave., N.W.
12th Floor
Washington, D.C. 20006
by U.S. Mail upon:
Elliott Levitas, Esq.
1100 Peachtree Street, Suite 2800
Atlanta, GA 30309-4530
and by hand delivery upon:
Joseph S. Kieffer
Court Monitor
420 7th Street, NW
Apt 705
Washington, DC 20004
7
Erin Langsd~'F