Security problems force EPA off the Internet

Featured eBooks
Cyber Workforce
Read Now

Law Enforcement Tech

Read Now

AI in the Workplace

Read Now
By Diane Frank

By Diane Frank

|

A security audit by the General Accounting Office, the investigative arm of Congress, has uncovered serious security gaps at the Environmental Protection Agency and has forced the agency to temporarily shut down its Internet connection

Following a report about severe computer security holes and a request from the House Commerce Committee, the Environmental Protection Agency Thursday temporarily shut down its connection to the Internet.

Committee chairman Rep. Tom Bliley (R-Va.) and Oversight and Investigations Subcommittee chairman Rep. Fred Upton (R-Minn.) called for the shutdown after meeting with the General Accounting Office team that has been performing a security audit at EPA. During its audit, the team broke into many of the agency's most sensitive systems and databases, including the EPA National Computing Center's mainframe in Research Triangle Park, N.C. That mainframe is one of the systems the White House named in 1998 as critical to defending against cyberattacks.

Bliley planned to hold a hearing Feb. 17 to discuss the GAO findings. But in a Feb. 16 letter to EPA Administrator Carol Browner, Bliley and Upton postponed the hearing until March and asked EPA to shut down its Internet connection because the corrective action taken by EPA to date was "clearly not enough."

"This state of affairs is simply unacceptable," the letter states. "We call on you to follow the precedent set by the Department of Energy last year, when it faced a computer security crisis, and immediately shut down the Internet connection to your agency data systems until such time as you can provide reasonable assurance that the major vulnerabilities identified by GAO have been at least temporarily corrected or mitigated."

The shutdown comes on the heels of a strong push from the White House to secure federal and private sector information systems after a series of denial-of-service attacks last week brought down several major electronic commerce sites. The administration's efforts include holding federal agencies as a model of security for the private sector, but officials acknowledge that the government has long way to go.

"We're not doing a good enough job in making sure that the government's own systems are secure," White House chief of staff John Podesta said Tuesday at the president's cybercrime summit. "We need to enhance the security on the government systems and make sure that they're not broken into, that the firewalls are in place and that we're practicing good security procedures."

See related story, The EPA cracks down on security

IN THIS SERIES

Zombie attacks can be traced

Network security problems at EPA "serious and pervasive"

Security problems force EPA off the Internet

Industry teaming on cybersecurity analysis center

FBI urges Congress to provide more cybersecurity funding

Justice Department studying cybercrime law

Feds to industry: You have a responsibility for security too

DMS security cracked during testing

Details emerge on Clinton cybersecurity summit

Cyber security meeting participants list

Asleep at the security wheel?

NSA concerned about PKI scalability

More money needed for cybersecurity

Few downloaded FBI tool to detect e-commerce attacks

Details of President Clinton's National Plan for Information Systems Protection

Related Sites

FBI counter-denial-of-service software

BY Diane Frank
Feb. 17, 2000

More Related Links

NEXT STORY: Affinity groups key to making government better