'Net access: Denied
Web shutdown cripples Department of the Interior.
WASHINGTON, D.C. — It was early November last year when Mike Miller, the chief of financial management for the Minerals Management Service bureau within the U.S. Department of the Interior, began basking in the glow of the bureau's new Internet-based accounting system. The glow quickly faded to gloom.
A month later, the system, designed to audit and track $300 million worth of oil, gas and coal royalties and land rental fees collected and disbursed by the bureau each month, was disconnected from the Internet under court order. After 18 months spent creating the new system, operations at MMS ceased.
"We reorganized our processes and computerized our accounting system to be totally reliant on the Internet," Miller says. "Everyone from outside [the bureau] has to come in through that portal."
MMS was offline for four months, costing the bureau untold millions, including $3 million alone for consultants who stood around until the Internet was restored.
The most frustrating issue was that MMS was knocked offline not by its own actions, but as part of the fallout of a 6-year-old class-action lawsuit over mismanagement of Indian trust funds. The suit was brought by Native Americans against the Department of the Interior (DOI), which oversees the Bureau of Indian Affairs (BIA), MMS and six other bureaus. The case found that $10 billion in Indian trust money was unaccounted for, mostly because of poor record keeping and computer systems.
On Dec. 5, 2001, a court order forced the DOI to unplug from the Internet all systems housing Indian trust data pending an evaluation of BIA's computer security, which had been repeatedly criticized in government reports and was easily hacked during an independent audit. Six months earlier, then-BIA CIO Dom Nessi publicly admitted that his department had no real security, no firewalls and potentially could be hacked by a high school student.
Not knowing exactly which systems housed Indian trust data or had access to that data, DOI disconnected BIA and seven other bureaus from the Internet, including MMS, the National Park Service, and the Fish and Wildlife Service.
The fallout would bring home important lessons to all DOI bureaus: Lack of security did indeed have devastating consequences, and the Internet had become entrenched in government operations.
The fallout
"We found that we can't do business anymore without the Internet," says Dave Barna, public affairs officer with the National Park Service. "It's so important, we can't do our jobs without it."
Once disconnected, MMS and every other DOI bureau entered a time warp that transported 71,000 employees and a Web-savvy public to pre-Internet days. Each bureau became an island, unable to electronically share data with other bureaus or the public. Employees' electronic time cards could not be filed because the DOI's National Business Center (NBC), which processes approximately $9 billion in payroll each year, also was disconnected.
"We decided to install a dedicated private line to NBC to restore our connection," says Shane Compton, deputy CIO of information resource management for the Fish and Wildlife Service.
The fax machine and telephone became the Band-Aids of choice to resume communication, which was now laborious. Bureaus had e-mail internally, but were cut off from the outside world. Some bureaus had access to their intranets, others did not. The public could no longer use Web-based DOI services, such as the National Park Service's site for reserving campsites in its 385 parks.
But the most ironic twist was that some Native Americans, who for years had questioned the integrity of a system to collect money on their behalf, saw their payments lapse or severely delayed until some order was restored.
"We are still scratching our heads over why it got so screwed up," says Ray Bjorklund, vice president of consulting for Federal Sources, a market research firm covering the federal IT market.
Observers also are scratching their heads over how the DOI, which has received $2.3 billion in IT budget money since 1999 and has an IT staff of 2,272, could not muster the resources to correct no-brainer security holes at the BIA, such as lack of firewalls or blank administrative passwords.
Alan Balaran, appointed by the court as Special Master to oversee the DOI shutdown, said in status reports to the court that the problems had simply been "institutionally ignored" and the DOI had a "disgraceful legacy" of protecting Indian trust data.
Trying to cope
In the aftermath, the court quickly allowed some systems and bureaus, such as the U.S. Geological Survey (USGS), which provides earthquake and natural disaster data, back online citing national safety concerns. Ditto for law enforcement systems used by the DOI, which has jurisdiction over 22% of the nation's landmass, and the Wildland Fire Management System.
But most bureaus were disconnected for three to four months, and are still calculating the financial impact. The BIA is still offline. The Secretary of the Interior's office was offline until early May. In the interim, staffers went to other bureau offices inside the DOI's Washington, D.C. headquarters to send or receive e-mail.
To get back online, IT executives at each bureau had to certify that servers and PCs did not house or have access to Indian trust data. The USGS certified 2,200 servers.
"In the first few days we did certifications on over 1,000 servers," says Anne Frondorf, deputy geographic information officer. "The people in the field offices were working into the wee hours of the morning."
Without the benefit of the Internet, USGS created a form and faxed it to each office. There, IT administrators documented the servers and their data then faxed back the forms. The box of documents was carried to the court.
The fire drill taught Frondorf a few things: "We have a lot of servers out there. We are now trying to maintain a more comprehensive database of those resources."
At the Bureau of Reclamation, the country's largest wholesaler of water, Kathy Gordon, CIO, says they had to create forms to record water data, print them out and fax them. The information is critical to dam operators who expect the data in real-time to regulate water flow to avoid floods.
"We went back to the procedures we had before the Internet," Gordon says. Y2K procedures also were dusted off and executed.
The National Park Service, which gets a million hits a day on its Web site, went dark to the public as it tried to certify its 1,327 servers.
"People looking for seasonal jobs couldn't get to our systems. We fell behind on hiring," NPS's Barna says. "We contract yearly for $120 million worth of work in parks. We pay those contracts electronically, now we had to do it manually. It cost us overtime."
The NPS had to find 20,000 time cards for its employees, then have the NBC manually input the data, resurrecting a paper-based system dead for 10 years. After two weeks, NPS dropped the time cards and just paid everyone for a 40-hour week.
"We are now cleaning that up. We are going back and auditing for vacation, overtime and night pay differentials," Barna says.
But it was the MMS that truly suffered, and in turn, so did Native Americans. With no accounting system, MMS had no way to track 70,000 leases or audit 200,000 transactions it makes per month for state governments, 20,000 Indian land owners and 41 tribes who own the land where natural resources are mined.
Money flowed in and out unchecked. MMS sent out $202 million in four months to beneficiaries based on historical averages to avoid having to pay interest fees on late payments. A four-month backlog is now being processed, which will be followed by an audit of payments made since the shutdown. Part of the money was handed over to the BIA, but MMS could not include an accurate accounting of which people or tribes were entitled to what portion of the money.
"There were some workaround solutions, and trust payments were being processed manually," says Geoffrey Rempel, an assistant to Dennis Gingold, attorney for the plaintiffs in the case. But Rempel says that slowed payments during winter months when Native Americans had to pay heating costs.
In all, the government and public learned that the Internet has become an inseparable part of its operations.
"In 700 field offices, hours were spent at the fax machine," says Mitch Snow, public affairs officer for Fish and Wildlife. "You lose sight of just how important your Internet-based systems are."
And the shutdown confirmed what the government's General Accounting Office said in a Nov. 9, 2001, report to a congressional subcommittee: "We have reported that poor information security is a widespread federal problem with potentially devastating consequences."
Unfortunately for MMS and Native Americans, they proved just how devastating those consequences could be.