Source: LA Times
To join the omb watch's ctw listserv and learn more about the shutdown of EPA's website Click Here. Once you've joined you can read the archived messages as well as receive new ones.
EPA's Computers Said Vulnerable
By H. JOSEF HEBERT,
Associated Press WriterWASHINGTON--Hackers could penetrate the Environmental Protection Agency's secure computers through its publicly-accessible Web site, said a House committee chairman Wednesday who called on the agency to shut down its Internet connection.
"Virtually all of (the EPA's) computer data and systems may be highly vulnerable to penetration, misuses or attack by unauthorized users via the Internet," Rep. Thomas Bliley, R-Va., chairman of the House Commerce Committee claimed, citing a not-yet-released report to his committee about EPA computer security problems.
Bliley said that investigators from the General Accounting Office in December were able to penetrate sensitive areas of the EPA computer system through the agency's public Web site and gain access to sensitive material not generally available to the public.
The report was to have been presented at a hearing on Thursday, but Bliley abruptly canceled the hearing on Wednesday and, instead, released a copy of a letter he had sent to EPA Administrator Carol Browner, urging her to shut down the EPA's publicly accessible Web site.
Late Wednesday, Browner directed that the EPA's Web site be temporarily shut down because of concern that the attention brought to the issue might prompt hackers to attack it. An EPA spokesman, David Cohen,said additional security measures were being developed and would shortly be in place. He said the site would then be reopened.
EPA spokesman David Cohen said that the agency for some time has been aware of the GAO's findings last December, and had improved security of the EPA computer system. He said for the time being EPA had no plans to shut down the publicly available agency Web site "but as we continue to evaluate our security needs we will do whatever is necessary to ensure computer security."
The agency site contains a vast array of public data from statistics on air pollution to the amount of toxic chemicals a company releases into a community and pollution levels in lakes and streams.
"The majority of information on EPA's web site is public information," said Cohen. "In that portion of our computer system that is proprietary, we have taken steps to build in fire walls, strengthen security, and we will continue to do whatever is necessary to upgrade security."
But Bliley accused Browner of "gross mismanagement of cyber security" and charged that she had not taken adequate steps to ensure that EPA's data on secure computer systems-including confidential financial and trade information provided by companies as part of a regulatory proceeding-are protected.
Bliley in his letter provided no specific information on what data was penetrated, but said that the GAO investigation had uncovered "major vulnerabilities."
A committee source, familiar with the GAO report, said that GAO investigators had penetrated sensitive nonpublic computer systems by breaking access codes and other means using the EPA's Internet connection as a window.
Under Browner the EPA has expanded dramatically the availability of environmental data on its publicly accessible Internet Web site and touted the increased ability of the public to access such information to make decisions on environmental protection and their health and safety.
Some environmentalists accused Bliley of trying to stir up controversy to intimidate the EPA from making such information available-a charge a Bliley spokesman strongly denied.
"This is nothing more than an attempt to keep the American people from getting important environmental information.
It's really outrageous," said Daniel Weiss of the Sierra Club. He said the EPA in the coming weeks was about to put onto its Web new and expanded information about toxic pollution from industrial facilities.
Eric Wohlschlegel, a spokesman for Bliley, denied any such intent. "This is a matter of protecting sensitive and confidential data that could put national and economic security at risk. EPA's assertion that this sensitive data is now secure behind a firewall is absolutely false."
The decision to delay the hearing was an effort to provide the EPA sufficient time to fix these serious problems, Wohlschlegel said.
An EPA official, who spoke on condition of not being identified further, also questioned the timing of Bliley's aggressive posture because the EPA weeks ago had been made aware of the GAO findings and had been responding by putting new safeguards in place. This official, however, also acknowledged that the GAO exposed some weaknesses and that more work on cyber security needs to be done.
More Environmental Disclosure News
