GIS Mapping, Education and Research
Home   Store   Free GIS   Education   Free Shapefiles   Census   Weather   Energy   Climate Change   News   Maps   TOPO   Aerial   GPS   Learn GIS

DOWNLOAD SHAPEFILES: Canada FSA Postal - Zip Code - U.S. Waterbodies & Wetlands - Geographic Names - School Districts - Indian Federal Lands
Zip Code/Demographics - U.S. Streams, Rivers & Waterways - Tornadoes - Nuclear Facilities - Dams & Risk - 2013 Toxic Release Inventory TRI

FREE MAPCRUZIN UPDATES
Enter your e-mail



GIS Shapefile Store - for Beginners & Experienced GIS Users Alike. Geographic Names Information System, Nuclear Facilities, Zip Code Boundaries, School Districts, Indian & Federal Lands, Climate Change, Tornadoes, Dams - Create digital GIS maps in minutes.

Toxic Release Inventory TRI Shapefiles

Canada FSA Postal Code Shapefile

GNIS Shapefiles 2,000,000+ Points

Nuclear Energy Facilities in the U.S.

Download Zip Code with Demographics Shapefiles

Download U.S. Streams & Rivers Shapefiles

Download Water Body & Wetland Shapefiles

Download Zip Code Boundary Shapefiles

Download School District Shapefiles

Download Indian & Federal Land Shapefiles

Download Climate Change Shapefiles

Download Tornado Shapefiles

Download Dams & Risks Shapefiles

Follow Mapcruzin.com on Twitter Follow on Twitter

A Member of the
Reimagination Network

Didn't find what you are looking for? Email me and I'll find it for you.

Progressive Links

Federation of American Scientists

Physicians for Social Responsibility

Public Employees for Environmental Responsibility

Union of Concerned Scientists

Alternet

Reader Supported News

Common Dreams

Truthout

Huffington Post

Media Matters

Think Progress

Grist Environmental News

Have a question or comment? Post them at the MapCruzin Blog.

Climate Shift Blog

MapCruzin Consulting
GIS and Google Maps Development, Website Creation and Hosting, Fast and Affordable.

GIS Tutorials

GIS Basics

GIS Terminology

Of Interest

Arctic National Wildlife Refuge Maps

Climate Shift - The effects of climate shift on the future of planet earth and its inhabitants.

Right to Know or Left to Wonder?

Hazardscapes - Toxic and Nuclear Risks in your backyard.

War & Environment

Worst Case Scenarios: Terrorism & industrial chemicals.


Subscribe for Updates


Politics Plays Prominent in Government Denial of Service Attack on Itself

Sponsors

<-- Terrorism and Industrial Chemicals





Let Representative Tom Bliley Know What You Think! (tom.bliley@mail.house.gov).

See Also:
The Real Threat is the Internet and Environmentalism (U.S. Chamber of Commerce)
Hack Attacks Raise Specter of Government Intervention (Center for Democracy and Technology)
EPA's Computers Said Vulnerable (LA Times)
EPA's computers accessible through Web site, lawmaker says (Associated Press)
CMA Statement (E-Wire Press Release)

To join the omb watch's ctw listserv and learn more about the shutdown of EPA's website Click Here. Once you've joined you can read the archived messages as well as receive new ones.

Representative Bliley has also been active, encumbering our Right-To-Know about the "worst case scenario" of chemical accidents. For more information see our Chemical Accident Preparedness Maps and join RMP-Watch.


Politics Plays Prominent in Government Denial of Service Attack on Itself: An OMB Watch Analysis of EPA Web Site Shut Down

February 22, 2000

(For the various reports, letters, and information this analysis references, go to www.ombwatch.org.)

Late in the evening on Wednesday, February 16, the Environmental Protection Agency (EPA) without any warning shut down its Internet services, including its web site and email services. The public, which monthly racks up millions of visits on EPA's web site, could not access EPA's web site (www.epa.gov), and there has been no way to communicate via email with EPA employees.

Rep. Thomas J. Bliley (R-VA), who chairs the powerful House Commerce Committee, has been conducting a McCarthy-like campaign against "cyber-terrorism." Instead of Red-baiting, however, Bliley is Web-baiting. His threats unnecessarily forced EPA to shut down and drew public attention to issues that should have been resolved quietly. Now, once EPA brings its site back online, it will draw the attention of hackers to try to breach EPA security. The shut down of EPA's web site leaves other agency webmasters wondering if their systems could be next. If Rep. Bliley had jurisdiction over Internet security, would he push for a shut down of the entire Internet?

Sponsors

EPA also should not escape criticism. EPA has not taken adequate steps to insure computer security. Its actions (and inactions) are indicative of a broader problem the agency has in managing its information resources. The result, coupled with the Bliley-EPA feud, is that the public loses.

Impact on People

People have grown to depend on EPA's web site to communicate with their government. Even since late Wednesday night, when the site went down, a man in Alaska preparing for a public hearing could not find out about the waste handling record on a local landfill. College students in Florida could not complete a class assignment to analyze the environmental performance of companies. A father in California could not search EPA's Envirofacts to locate polluters in his community. Business and community groups, insurance companies and educators, attorneys and students alike were hurt by this action.

The long-term impact on the agency's credibility could be severe. One attorney currently engaged in a lawsuit with big industry believed this shut down would affect his ability to argue his case and hurt the agency's ability to enforce environmental laws and force polluters to operate in the sunshine.

Background

All this resulted from Bliley's request some months ago for a General Accounting Office (GAO) audit of EPA's computer security. GAO worked closely with EPA staff in the process. As the audit was coming to a close in December, GAO procedures required it to share its findings with EPA.

The problems at EPA mostly dealt with bad to poor computer management: ineffective firewalls; lack of controls (e.g., passwords); logs that did not capture hackers; and computer doors that had been left open. GAO found EPA's "vulnerabilities... have been exploited by both external and internal sources." It appears that GAO was able to take control of a key piece of network security equipment, a "router," and then capture the password of anyone logging on to the computer mainframe computer at Research Triangle Park in North Carolina.

Rep. Bliley asked GAO to give him a copy of the letter to EPA and then, on December 20, sent EPA Administrator Carol Browner a letter highlighting problems that GAO found. The letter requests EPA to "report back to me within 10 days ... with a detailed description of the corrective actions EPA intends to take ... [and] the dates upon which EPA anticipates the corrective actions will be implemented..." The Bliley action heightened concerns at EPA because the letter, unlike the GAO communication, became public.

EPA responded with information about its corrective actions. Nonetheless, Bliley scheduled a hearing for February 17 to discuss the GAO findings and EPA's response. According to testimony planned for the hearing, GAO found "serious and pervasive problems that essentially render EPA's agencywide information security program ineffective."

GAO's testimony, which Bliley released at a February 17 press conference, indicates that EPA had been warned of various computer security problems as early as 1997 through Inspector General reports and had done little to fix the problems. GAO notes that the volnerabilities "illustrate deficiencies in EPA's ability to detect, responde to, and document security incidents affecting its systems." GAO provided some examples of security problems, including an intruder gaining unauthroized access to a state university computer through the EPA site, the creation of a "chat room" on an EPA computer server for hackers to post notes, and two attacks by hackers that slowed EPA's computer system and may have launched a denial of service attack against an Internet service provider. Other serious intrusions may have occurred, but there is no evidence in the GAO report of violating enforcement or trade secret data.

Bliley and Rep. Fred Upton (R-MI), the chair of the Subcommittee on Oversight and Investigations, sent EPA Administrator Carol Browner a letter on February 15 postponing the February 17 hearing and calling on EPA to "Immediately shut down the Internet connection to your Agency data systems until such time as you can provide reasonable assurance that the more vulnerabilities identified by GAO have been at least temporarily corrected or mitigated." Bliley posted the letter on his web site, creating fears at EPA that hackers would now try to breach the EPA system.

The next day, on February 16, Bliley issued a press release with the headline, "GAO Finds Cyber Insecurity at EPA" which also called for EPA to shut down its Internet connections because of serious security threats. That evening EPA shut down its web and email Internet services, claiming that Bliley's actions put them in a vulnerable position and implicitly encouraged hackers to attempt breaching the system.

Then, on February 17, Bliley called a press conference and released the GAO testimony. The GAO statement, however, never called for EPA to shut down its Internet connection. Bliley was determined to release GAO's sensitive security findings even though not all of them had been provided to EPA and EPA had not been given any time to prepare for the release of the findings.

It should be noted that GAO does not have evidence of data being tampered with or violations of trade secrets or enforcement data. In some cases where there were violations, they resulted in criminal investigations, although EPA had to be notified by the Justice Department of the violations.

Bliley was correct in pursuing computer security problems at EPA. The fact that GAO was able to penetrate the router, then easily obtain certain passwords is an indication of serious problems. And he may have been at wit's end to get EPA to take corrective action, especially since EPA has known about computer security glitches for some time and done little to fix them. But going public was the wrong answer.

EPA had been cooperating with GAO on the security investigation. It had provided detailed system specifications to assist their investigation. Moreover, EPA took no special steps to track GAO's "hacking" attempts but studiously avoided interfering with GAO's work.

Why Go Public?

GAO never recommended shutting down the Internet connection. And GAO pointed out that since December, when it notified EPA of certain security problems, it "resulted in quick actions" by EPA. The fact is that EPA had already begun to move forward to fix the "firewall" problems and appointed a "Technical Information Security Staff" to address the GAO findings. Bliley was informed of this but still went forward with a public call to shut down EPA's Internet connection.

Why? His actions raise speculation about ulterior motives.

For a decade now, EPA has been running a very successful right- to-know program that discloses to the public industrial toxic chemical releases into the air, land and water. Public disclosure of polluters' activities under the Toxics Release Inventory (TRI) program has led to a 43% reduction in the release of chemicals included in the program.

In the next few weeks, EPA will release data on toxic chemical pollution from major new sources, including mining and electrical utilities, in conjunction with its annual TRI release. The shut down of EPA's web site will most likely delay release of this new data.

According to the Center for Responsive Politics, Bliley also happens to receive significant campaign contributions from oil and gas, mining, electrical utilities, and chemical manufacturing companies. Searches of EPA's Toxics Release Inventory on RTK NET find that many of these same companies -- including Union Carbide, Texaco, Shell, Eli Lilly, Rhone-Poulenc, and Eastman Kodak report large amounts of chemical pollution.

Why is it, then, that computer security at government agencies worries Rep. Bliley more than physical plant security at some of the country's biggest chemical plants? Last summer, Rep. Bliley helped industry hide from the public the harm communities faced in potential worst-case chemical accidents at tens of thousands of chemical manufacturing, processing or storage facilities. A government study found that physical security problems at these plants paralleled the computer security problems found at EPA. But Chairman Bliley continued to fight efforts to beef up security at these plants and pushed efforts to squash disclosure of this information. Why is he focusing so much on EPA's computer security while ignoring physical security at these chemical plants?

EPA Should Share Blame

At the same time, we should not exonerate EPA. When GAO brought these problems to the attention of EPA officials, why did the agency not immediately address these problems? In the face of reports dating as far back as 1997 raising concerns over computer security problems, EPA did little until recently to solve its problems.

And why has EPA not taken the leadership to develop a comprehensive information plan that covers computer management issues? EPA Administrator Browner last year took the helpful step of creating a new office within EPA devoted solely to collecting, managing and providing public access to information to protect human health and the environment. But since then no one has been appointed to run the office and the agency has become bogged down in rearranging staff and budgets.

Next Steps

EPA could take a number of steps to strengthen the public's right to know about environmental hazards and threats to human health. For example, EPA should:

* Develop a program to reduce the public's burden in obtaining, understanding and using environmental information to promote environmental protections. Such a program should include training and assistance grants, telephone assistance "hot lines," collaborations with libraries and others in providing data, and improvements to the Web site to make it more user- friendly and information easier to find;

* Require those who submit information to EPA (e.g., industrial facilities) to justify requests to withhold information from the public in order to safeguard trade secrets;

* Set an expiration date on trade secret shields. The potency of trade secrets comes from the timeliness of the information. An industry competitor's ten-year-old business plan is irrelevant compared with one developed last month. After a specified time period information shielded from the public should be disclosed to the public; and

* Create an index of all EPA's information on its web site in order to comply with legal requirements. Most federal agencies do not even list of information they make available to the public. Amendments to the Freedom of Information Act passed in 1996 require all federal agencies to make an index of all information products and either link to the information itself or explain how the information can be obtained. Such an index would be helpful to the public in locating information as well as helpful to the agency in understanding what information is or is not available.

We urge the President to exercise leadership and make this new information office a showpiece for all federal agencies. He should ensure EPA is adequately funded and managed to make the best use of modern information technology. And he should ensure that the public right to know is never again compromised.

------------------------------------------------------
Rick Blum P: (202) 234-8494
OMB Watch (CFC #0889) F: (202) 234-8584
1742 Connecticut Ave NW Em: blumr@ombwatch.org
Washington, DC 20009-1171
Web: www.ombwatch.org
Right-To-Know Network: www.rtk.net

See Also:
The Real Threat is the Internet and Environmentalism (U.S. Chamber of Commerce)
Hack Attacks Raise Specter of Government Intervention (Center for Democracy and Technology)
EPA's Computers Said Vulnerable (LA Times)
EPA's computers accessible through Web site, lawmaker says (Associated Press)
CMA Statement (E-Wire Press Release)

<-- Terrorism and Industrial Chemicals

Didn't find what you are looking for? We've been online since 1996 and have created 1000's of pages. Search below and you may find just what you are looking for.



MapCruzin.com is an independent firm specializing in the publication of educational and research resources. We created the first U.S. based interactive toxic chemical facility maps on the internet in 1996 and we have been online ever since. Learn more about us and view some of our projects and services.

If you have data, GIS project or custom shapefile needs send me an email.

Contact Us

Report Broken Links

Subscribe for Updates

Advertise on MapCruzin

Follow on Facebook
News & Updates

Find: Maps, Shapefiles, GIS Software & More

MapCruzin Blog for updates, questions and answers

Mapcruzin Free GIS Tools, Resources, News and Maps

↑ Grab this Headline Animator

Blog Updates

More Blog Updates

Downloads

Google Earth Toxic Release Inventory (TRI) Maps
Lester Brown's Plan B 3.0
State GIS Shapefiles, Maps & Resources
GIS Shapefiles & Maps
GIS Programs, Tools & Resources
Free World Country & Regional Maps
GIS / GPS Careers and Job Positions
Disease Outbreak Maps
TOPO Maps
Extreme Weather & Disaster Maps
Free World Maps from the CIA Factbook
Arctic National Wildlife Refuge ANWR Maps
Oil and Gas Maps
Africanized Honey Bees
Renewable Energy Potential Maps of the United States
Terrorism Maps
War Maps
Google Maps
Weather Maps
GPS Resources
Historical Maps of the World
Google Earth
Library of Congress American Memory Map Downloads
Toxic Chemical Pollution Maps
Climate Change Maps
Toxic Release Inventory (TRI) Maps
Census Shapefiles
World Maps

Issues

Environmental Justice
Data Sources
Greenwash & JunkScience
Statistical Resources
Wireless Dangers
Surviving Climate Change
Global Right-To-Know
Creating Living Economies
Books of Note
Toxic Klamath River
Federal Lands Maps
TRI Analysis
TRI Webmaps
EnviroRisk Map Network
Community-Based Research
Right-To-Know or Left to Wonder?
Chemical Industry Archives
21st Century Warfare
Biotechnology
Nanotechnology
Globalization/Democracy
National Parks and Public Lands
Trade Secrets/Toxic Deception
GIS Books
Our Projects
Other Projects
1999 Archive Environews
Environmental Books
Environmental Links
Redwood Coast Information
Recycle, Salvage, Reuse

Resources
Shapefile Store
Free GIS Software
Free Map Downloads
Free Shapefiles
Free Remote Sensing
Free Topo Maps
Free GIS Tutorial
Free GPS
ToxicRisk.com
ClimateShift.com
Maptivist.com

About MapCruzin - Cookies, Privacy, Fair Use and Disclaimer - Advertise on MapCruzin.com

Website development and hosting provided by Michael Meuser

Copyright © 1996 - 2017 Michael Meuser, All Rights Reserved
MapCruzin is a Pop-Up Free Website -- Best Viewed With ANY Browser