MapCruzin.com
RTK or Left-To-Wonder?
Recommended Reading

Update on EPA shutting down its Web site

Fair Use Notice
Let Representative Tom Bliley Know What You Think! ([email protected]).

The Real Threat is the Internet and Environmentalism (U.S. Chamber of Commerce)
Hack Attacks Raise Specter of Government Intervention (Center for Democracy and Technology)
EPA's Computers Said Vulnerable (LA Times)
EPA's computers accessible through Web site, lawmaker says (Associated Press)
CMA Statement (E-Wire Press Release)

To join the omb watch's ctw listserv and learn more about the shutdown of EPA's website Click Here. Once you've joined you can read the archived messages as well as receive new ones.

Date sent: Thu, 17 Feb 2000 17:04:43 -0500
To: "Federal information policy listserv"
From: "Gary D. Bass"
Subject: Update on EPA shutting down its Web site
Send reply to: "Federal information policy listserv"

A bit more update on the shutdown of the EPA web site. What a horror story!

CONCLUSION: There is no rationale for the unprecedented shutting down of the EPA web site and email services, cutting off a major means for the public to communicate with EPA. There is no question that EPA has computer vulnerabilities, but these could have been resolved with good computer management. In the meantime, Rep. Bliley (R-VA), the chair of the House Commerce Committee, basically held a gun to EPA's head, effectively telling EPA to shut down its site or it would put information out about security risks, making it easier for the public to hack EPA's site, instead of helping EPA make fixes. This does not exonerate EPA. EPA has known about its computer vulnerabilities for some time and has done little to fix the problems. Despite the computer problems at EPA, there was no "crisis." The General Accounting Office never recommended shutting down the EPA site, but Bliley, who has done the bidding of powerful special interests, has acted to thwart public access.

THE STORY: Some months ago Rep. Thomas Bliley (R-VA), the chair of the House Commerce Committee, requested the General Accounting Office (GAO) to do a computer security audit at EPA. As the audit was coming to a close, GAO was required to share the information with EPA. But, reportedly, Bliley was upset since he didn't want EPA fixing the problems. Rather, he wanted to bash EPA. He required GAO to give him a copy of the letter to EPA and then, it is rumored, he leaked some portions to the press, making the problems at EPA sound horrendous.

GAO did, however, find "serious and pervasive problems that essentially render EPA's agencywide information security program ineffective." The problems at EPA mostly dealt with bad to poor computer management: ineffective firewalls; lack of controls (e.g., passwords); logs that didn't capture hackers; computer doors that had been left open. GAO found EPA's "vulnerabilities...have been exploited by both external and internal sources." It appears that GAO was able to take control of the router and then capture the password of anyone logging on to the system.

GAO does not have evidence of data being tampered with or violations of trade secrets or enforcement data. In some cases where there were violations, it resulted in criminal investigations. And while there are big problems, GAO never recommended that EPA shut its web site down. (In fact, GAO has found computer security problems at other agencies, such as State Dept, but it appears no agency has completely and this thoroughly cut off its Internet connection and email services.)

Bliley planned a hearing today (2/17) on EPA computer security and had asked GAO to testify. EPA raised concerns about holding the hearing. Reportedly, Bliley gave EPA an ultimatum: shut down the EPA web site and all email services or the public would hear about how to hack the EPA web site. EPA decided to shut down their Internet services last night.

Bliley postponed the hearing but called a press conference at 1 p.m. today. At the press conference, Bliley released the GAO testimony and supported EPA's decision to shut down the web site. EPA claims it was disappointed that it had to shut down.

According to folks in the White House, EPA is quickly trying to put the public web site back up and sever its connection to the internal systems. It is not clear when this will happen.

There are many issues that this "crisis" raises, but two stick out.

First, if EPA had security violations, why didn't Bliley give EPA the time that is needed to fix the problems that GAO found? Why did he hold a gun to EPA's head? Even if there were computer security problems, it could have been handled in a manner that did not disrupt public access to the agency and did not create a "crisis."

This raises questions about Bliley's objectives. Maybe it is a coincidence that a number of his campaign contributors are regulated by EPA. For example, a large grouping of contributors are from the mining and electrical gas sectors, which for the first time will need to report to EPA on toxic releases. Some of his larger contributors are listed as major polluters. Bliley is the same person who pushed the terrorism argument last summer as a reason to withhold public access to information about chemical hazards in our communities. Instead of improving public access, Bliley has taken a course of thwarting EPA and, hence, public access.

Second, EPA has known for many years that it has computer management problems. Inspector General reports since 1997 have raised concerns, but little has been done to fix the problems. When GAO showed EPA it had problems, why didn't it immediately address these problems?

EPA Administrator Browner took the helpful step to create an Information Office within EPA. But since then no one has been appointed to run the office. Increasingly, the Office is proving to be less than useful, maybe even a major disappointment. Why has the Office not taken the leadership to develop a comprehensive information plan that covers computer management issues?

--------------------------------------------
Gary D. Bass
OMB Watch
1742 Connecticut Ave., N.W., Washington, D.C. 20009
TEL: (202) 234-8494 FAX: (202) 234-8584
[email protected]
http://www.ombwatch.org
Let Representative Tom Bliley Know What You Think! ([email protected]).

The Real Threat is the Internet and Environmentalism
Hack Attacks Raise Specter of Government Intervention (Center for Democracy and Technology)
EPA's Computers Said Vulnerable (LA Times)
EPA's computers accessible through Web site, lawmaker says (Associated Press)
CMA Statement (E-Wire Press Release)

To join the omb watch's ctw listserv and learn more about the shutdown of EPA's website Click Here. Once you've joined you can read the archived messages as well as receive new ones.

More Environmental Disclosure News
Environmental News

MapCruzin.com
RTK or Left-To-Wonder?
Recommended Reading

Contact MapCruzin 



Website maintained by

Michael R. Meuser













Copyright � 1996-2009 MapCruzin.com

All Rights Reserved

Visit us for Free GIS Maps and Resources