A security audit by the General Accounting Office, the investigative arm of Congress, has uncovered serious security gaps at the Environmental Protection Agency and has forced the agency to temporarily shut down its Internet connection
Following a report about severe computer security holes and a request from the House Commerce Committee, the Environmental Protection Agency Thursday temporarily shut down its connection to the Internet.
Committee chairman Rep. Tom Bliley (R-Va.) and Oversight and Investigations Subcommittee chairman Rep. Fred Upton (R-Minn.) called for the shutdown after meeting with the General Accounting Office team that has been performing a security audit at EPA. During its audit, the team broke into many of the agency's most sensitive systems and databases, including the EPA National Computing Center's mainframe in Research Triangle Park, N.C. That mainframe is one of the systems the White House named in 1998 as critical to defending against cyberattacks.
Bliley planned to hold a hearing Feb. 17 to discuss the GAO findings. But in a Feb. 16 letter to EPA Administrator Carol Browner, Bliley and Upton postponed the hearing until March and asked EPA to shut down its Internet connection because the corrective action taken by EPA to date was "clearly not enough."
"This state of affairs is simply unacceptable," the letter states. "We call on you to follow the precedent set by the Department of Energy last year, when it faced a computer security crisis, and immediately shut down the Internet connection to your agency data systems until such time as you can provide reasonable assurance that the major vulnerabilities identified by GAO have been at least temporarily corrected or mitigated."
The shutdown comes on the heels of a strong push from the White House to secure federal and private sector information systems after a series of denial-of-service attacks last week brought down several major electronic commerce sites. The administration's efforts include holding federal agencies as a model of security for the private sector, but officials acknowledge that the government has long way to go.
"We're not doing a good enough job in making sure that the government's own systems are secure," White House chief of staff John Podesta said Tuesday at the president's cybercrime summit. "We need to enhance the security on the government systems and make sure that they're not broken into, that the firewalls are in place and that we're practicing good security procedures."
See related story, The EPA cracks down on security
NEXT STORY: Affinity groups key to making government better