EPA Security 'Ineffective,' Says GAO

Aug. 15, 2000
EPA's computer systems are "highly vulnerable to tampering,\r\ndisruption and misuse," according to a report by the General\r\nAccounting Office (GAO).

EPA''s computer systems are "highly vulnerable to tampering, disruption and misuse" by both users within the agency and outside hackers, according to a report released Friday by the General Accounting Office (GAO).

The report says that despite aggressive actions by EPA to reduce the exposure of its systems and data, the computer systems are "riddled with security weaknesses."

In February, EPA shut down its Internet connection to protect sensitive confidential information that was easily accessible from the public Web site.

Since then, the agency has been conducting a security overhaul. The GAO report addresses the problems that existed before February, and investigators said that they have not yet begun to test the effectiveness of the new security controls.

GAO''s report was commissioned by Rep. Tom Bliley, R-Va., chairman of the House Commerce Committee, who requested that EPA close its Web server in February after he raised concerns that EPA did not have adequate security to protect sensitive data on the site.

During GAO tests, investigators simulated the type of attacks that might be used by an computer hacker intruding via the Internet. Investigators readily breached and took control of EPA''s firewall -- a software package that controls the content of inbound and outbound computer network traffic.

They were also able to guess many of EPA''s passwords and decrypt encrypted password files by using commonly available "password-cracking" software.

The report also detailed seven examples in 1998 and 1999 of how computer hackers successfully launched attacks against the agency.

"These weaknesses require immediate attention, and EPA has begun steps to address them," said the report. "However, like other organizations ensuring that these improvements continue to be effective and implementing a sustainable information security program will require top management support and leadership, consistent oversight, and perhaps, additional levels of technical and funding support."

In response to the report, EPA conceded to technical problems found by GAO, but affirmed its long-term plan for the security of the agency''s systems.

by Virginia Sutcliffe

Sponsored Recommendations

3 Essential Elements for a Strong Safety Culture

March 13, 2024
Organizations globally have increased their attention on safety culture: trying to figure out what it really is and the aspects that are necessary to develop and sustain it. And...

Making the Case for Occupational Health Software

March 13, 2024
Deciding to invest in Occupational Health (OH) software can be a challenging leap for many organizations. This article will equip businesses with insightful strategies for effectively...

Fighting the Flu: Solutions for the Workplace

March 13, 2024
Seasonal flu continues to wreak considerable havoc both on individual wellness, as well as on our business continuity and productivity. Explore these solutions for protecting ...

Preventing SIFs with Digitization: Reduce Serious Injuries and Fatalities with Technology

March 13, 2024
This eBook discusses the origins of SIF prevention, outlines principles, models and tools available to EHS leaders to better detect and address SIF potential in their business...

Voice your opinion!

To join the conversation, and become an exclusive member of EHS Today, create an account today!