EPA Security 'Ineffective,' Says GAO

Aug. 15, 2000
EPA's computer systems are "highly vulnerable to tampering,\r\ndisruption and misuse," according to a report by the General\r\nAccounting Office (GAO).

EPA''s computer systems are "highly vulnerable to tampering, disruption and misuse" by both users within the agency and outside hackers, according to a report released Friday by the General Accounting Office (GAO).

The report says that despite aggressive actions by EPA to reduce the exposure of its systems and data, the computer systems are "riddled with security weaknesses."

In February, EPA shut down its Internet connection to protect sensitive confidential information that was easily accessible from the public Web site.

Since then, the agency has been conducting a security overhaul. The GAO report addresses the problems that existed before February, and investigators said that they have not yet begun to test the effectiveness of the new security controls.

GAO''s report was commissioned by Rep. Tom Bliley, R-Va., chairman of the House Commerce Committee, who requested that EPA close its Web server in February after he raised concerns that EPA did not have adequate security to protect sensitive data on the site.

During GAO tests, investigators simulated the type of attacks that might be used by an computer hacker intruding via the Internet. Investigators readily breached and took control of EPA''s firewall -- a software package that controls the content of inbound and outbound computer network traffic.

They were also able to guess many of EPA''s passwords and decrypt encrypted password files by using commonly available "password-cracking" software.

The report also detailed seven examples in 1998 and 1999 of how computer hackers successfully launched attacks against the agency.

"These weaknesses require immediate attention, and EPA has begun steps to address them," said the report. "However, like other organizations ensuring that these improvements continue to be effective and implementing a sustainable information security program will require top management support and leadership, consistent oversight, and perhaps, additional levels of technical and funding support."

In response to the report, EPA conceded to technical problems found by GAO, but affirmed its long-term plan for the security of the agency''s systems.

by Virginia Sutcliffe

About the Author

EHS Today Staff

EHS Today's editorial staff includes:

Dave Blanchard, Editor-in-Chief: During his career Dave has led the editorial management of many of Endeavor Business Media's best-known brands, including IndustryWeekEHS Today, Material Handling & LogisticsLogistics Today, Supply Chain Technology News, and Business Finance. In addition, he serves as senior content director of the annual Safety Leadership Conference. With over 30 years of B2B media experience, Dave literally wrote the book on supply chain management, Supply Chain Management Best Practices (John Wiley & Sons, 2021), which has been translated into several languages and is currently in its third edition. He is a frequent speaker and moderator at major trade shows and conferences, and has won numerous awards for writing and editing. He is a voting member of the jury of the Logistics Hall of Fame, and is a graduate of Northern Illinois University.

Adrienne Selko, Senior Editor: In addition to her roles with EHS Today and the Safety Leadership Conference, Adrienne is also a senior editor at IndustryWeek and has written about many topics, with her current focus on workforce development strategies. She is also a senior editor at Material Handling & Logistics. Previously she was in corporate communications at a medical manufacturing company as well as a large regional bank. She is the author of Do I Have to Wear Garlic Around My Neck?, which made the Cleveland Plain Dealer's best sellers list.

Nicole Stempak, Managing Editor:  Nicole Stempak is managing editor of EHS Today and conference content manager of the Safety Leadership Conference.

Sponsored Recommendations

Elevating Safety: Empowering Supervisors to Become Safety Advocates

Aug. 27, 2024
Explore the skills, knowledge and techniques that supervisors need to effectively manage the safety of their crew. This guide will examine the causes and symptoms of supervisory...

Top 10 Causes of Distracted Driving—and What They All Have in Common

Aug. 27, 2024
The results reveal the top ten causes of distracted driving, and make it clear that not all distractions are created equal.

Providing the Best PPE is No Guarantee

Aug. 27, 2024
Advancements in PPE are impressive—better protection, comfort and style. But even if you’ve provided the best PPE, there is no guarantee it will be worn.

6 Qualities That Make a Safety Leader

Aug. 27, 2024
A strong safety culture depends on dedicated leaders. They are the people who spearhead the fight for a safer work environment. A good safety leader isn’t shy about bringing concerns...

Voice your opinion!

To join the conversation, and become an exclusive member of EHS Today, create an account today!