Interior Struggles to Secure IT Systems Amid Pandemic, IG Says

Adjusting to full-time telework has been the story of the pandemic for much of the federal workforce, and a new audit of the Interior Department’s response to the crisis suggests the agency needs work ensuring its information technology systems are secure and appropriate for the pandemic and beyond.

In a report released Wednesday, the Office of the Inspector General for the Interior Department found three areas of concern regarding pandemic response, including IT issues. 

Key functions of the agency’s pandemic response include ensuring vulnerable populations, particularly the indigenous communities served by the department’s bureaus of Indian Affairs and Indian Education, are receiving the aid they need as they are disproportionately affected by the virus. Close to 70% of the Interior Department’s CARES Act funds have gone towards Indian Affairs and Indian Education, according to the report.  

But the information technology system underpinning all of the Interior Department’s daily operations is not only a poor fit for the department’s range of needs, it is also unprepared to face both an increased need for remote access as well as an increased number of cybersecurity threats, according to the report. 

“The DOI continues to struggle to implement an enterprise IT security program that balances compliance, cost, and risk while enabling bureaus to meet their diverse missions,” the audit states. 

Auditors said the crisis requires “extra vigilance” on behalf of the agency, highlighting data from the FBI indicating increased scammer activity, phishing and malware schemes during COVID-19. The Federal Trade Commission, which reports consumer complaints every weekday, has received more than 63 thousand fraud claims and more than 19 thousand reports of identity theft since January. Total consumer losses due to scams are in the ballpark of $79 million, according to the FTC. 

The trend has been similar for government agencies. The Interior Department faced 107,020 phishing attempts from June 2019 to the end of May this year, according to the inspector general report. Other agencies including Health and Human Services and the Defense Department have noted unprecedented levels of cybersecurity threat activities as hackers attempt to exploit networks made vulnerable by the fact that a much higher portion of the federal workforce is telecommuting.

In June, Sen. Maggie Hassan, D-N.H., sent letters to ten federal agencies including the Interior Department asking for an update on IT modernization. Hassan was particularly critical of the costs associated with maintaining legacy IT systems. 

“The public health emergency caused by COVID-19 underscores the need for federal agencies to invest in modernizing current IT systems that cannot meet mission expectations in a crisis,” Hassan wrote in the letter. “Failing to do so could result in costly errors, security vulnerabilities, and an inability to serve the American people.” The Interior audit, released just over a month after the letter, appears to affirm Hassan’s fears. The department spends about $1.4 billion on IT annually, according to the report, but Hassan suggested in her letter that some of that money may be being spent on obsolete systems.

Under normal circumstances, a dearth of movement on the modernization front would be an issue. But as the coronavirus pandemic continues, and dates for returning to workplaces keep getting pushed back, the problem has taken on a fresh urgency. 

In addition to cybersecurity, the inspector general highlighted challenges related to providing funding to vulnerable populations while making sure those funds are being used appropriately and maintaining public and employee safety on Interior Department lands as critical pandemic response issues that also need attention.