Howell Addresses Interior Lawsuit

Today at AFFIRM's annual leadership awards luncheon, OMB deputy administrator for E-Government and information technology Mike Howell, formerly CIO at the Interior Department, was awarded with organization's top prize for executive leadership in federal information resources management. Following the award Howell made some brief remarks about leadership and then addressed a controversial topic: the Cobell lawsuit against the federal government, which alleged that the Bureau of Indian Affairs mismanaged the individual Indian trust accounts it has controlled for over a century.

In December 2001, the judge in the case ordered Interior to disconnect several agencies, including BIA, from the Internet in response to concerns about security. Most agencies were re-connected soon after, but BIA and other agencies directly related to the Indian trust accounts remained offline until May 2008, when a judge ruled they could go back online.

"The judge found security insufficient and took employees off the Internet for six years," Howell said at today's event. "The political appointees wanted it fixed right away. They didn't understand how hard that was."

Howell said his office faced pressure from all sides to fix the security issues and restore connectivity -- from the plaintiffs' lawyers, who were persistent in their search for weaknesses, to a frustrated Congress and a hostile media. In the meantime, without use of the Internet, BIA employees lost their ability to issue payments to individual trust account holders.

"They sued us into a position where we couldn't service them," Howell said. Last year when BIA was allowed by the judge to re-connect, Howell told me that he was personally comfortable with the level of network security in place.

However, in May Nextgov reported on an unpublished report dated May 2008 from former Interior Inspector General Earl Devaney, now head of the Recovery Board. The report, which was prepared at the same time Interior was in court arguing that BIA's systems were secure, harshly criticized Interior's cybersecurity. It also quotes Howell warning that without immediate changes, the department's security program would fail.

Today Howell told me he was quoted accurately in that report, but said he was referring to the state of the department's cybersecurity as a whole, not BIA specifically. He stood by his earlier statements that he was comfortable with the level of cybersecurity when the agency was re-connected last year and said BIA's systems were verified three separate times by independent audits.

While his explanation may satisfy some followers of the Cobell lawsuit, it can't be very encouraging for Interior employees to know that as recently as last year, their department's systems were wide open to attack and in danger of failing.