Information Security: Fundamental Weaknesses Place EPA Data and Operations at Risk: T-AIMD-00-97

McClure, David L.
February 2000
GAO Reports;2/17/2000, p1
Government Document
GAO found serious and pervasive problems that essentially render the Environmental Protection Agency's (EPA) agencywide information security program ineffective. Current security program planning and management is largely a paper exercise that has done little to identify, evaluate, and mitigate risks to the agency's data and computer systems. Moreover, on the basis of its tests of computer-based controls, GAO concludes that the computer operating systems and the agencywide computer network that support most of EPA's mission-related and financial operations are riddled with security weaknesses. Of particular concern is that many of the most serious weaknesses GAO identified--those related to inadequate protection from intrusions via the Internet and poor security planning--had been reported to EPA management in 1997 by the agency's Inspector General. The repercussions of such weaknesses are illustrated by EPA's own records, which show several serious computer security incidents in the last two years that have damaged and disrupted agency operations. GAO has also identified shortcomings in EPA's incident detection and handling capabilities that call into question the agency's ability to fully understand and assess the nature of or damage due to its computer security breaches. The result is that EPA's computer systems are highly vulnerable to tampering, disruption, and misuse, and EPA cannot guarantee the protection of sensitive business and financial data kept on its larger computer systems or supported by its agencywide network.


Related Articles

  • Observations on the Environmental Protection Agency's Fiscal Year 2000 Performance Plan: RCED-99-237R. Guerrero, Peter F. // GAO Reports;7/20/1999, p1 

    Pursuant to a congressional request, GAO reviewed the Environmental Protection Agency's (EPA) fiscal year (FY) 2000 performance plan, which was submitted to Congress in response to the Government Performance and Results Act of 1993, focusing on: (1) assessing the usefulness of the agency's plan...

  • Major Management Challenges and Program Risks: Environmental Protection Agency: OCG-99-17. Walker, David M. // GAO Reports;1/1/1999, p1 

    This publication is part of GAO's performance and accountability series which provides a comprehensive assessment of government management, particularly the management challenges and program risks confronting federal agencies. Using a "performance-based management" approach, this landmark set of...

  • Grants Management: EPA Needs to Strengthen Efforts to Address Persistent Challenges: GAO-03-846.  // GAO Reports;8/29/2003, p1 

    The Environmental Protection Agency (EPA) has long faced problems managing its grants, which constitute over one-half of the agency's annual budget, or about $4 billion. EPA uses grants to implement its programs to protect human health and the environment and awards grants to thousands of...

  • GAO Sees EPA as Ineffective.  // Chemical Market Reporter;08/21/2000, Vol. 258 Issue 8, p7 

    Reports on the description given by the United States (U.S.) General Accounting Office (GAO) about the U.S. Environmental Protection Agency's (EPA) information security program. How the GAO described the computer systems of EPA; Reason for the temporary shutdown of the agency's Web site in...

  • Wanted: Federal Sheriff To Protect Information. Shoop, Tom // National Journal;6/14/2008, Vol. 40 Issue 23, p15 

    The article reports on the need for U.S. federal agencies to enhance their computer security programs. What federal agencies do not know about protecting their data and computer systems could really hurt them, according to federal information security professionals. The U.S. Environmental...

  • Information Security: Comments on Proposed Government Information Act of 1999: T-AIMD-00-107.  // GAO Reports;3/2/2000, p1 

    The proposed Government Information Security Act of 1999--S. 1993--seeks to strengthen information security practices throughout the federal government. GAO's work has shown that almost all government agencies are plagued by poor computer security. The dramatic rise in computer interconnectivity...

  • One Law for Them, Another for Us.  // National Review;2/12/1996, Vol. 48 Issue 2, p14 

    The article reports on the United States Environmental Protection Agency's (EPA) failure to produce cost/benefit studies on the impact of the Clean Air Act as is required by the 1990 amendments to the law. This failure on the part of EPA is a clear contempt of the law. In May 1993 EPA...

  • Voluntary Consensus Standards: Agencies' Compliance With the National Technology Transfer and Advancement Act: T-RCED-00-122.  // GAO Reports;3/15/2000, p1 

    This testimony discusses information that GAO obtained from several federal agencies on the legislative history of the National Technology Transfer and Advancement Act and the reporting requirements for federal agencies. GAO focuses on two agencies' activities in carrying out their oversight...

  • Clean Water Act: Improved Resource Planning Would Help EPA Better Respond to Changing Needs and Fiscal Constraints: GAO-05-721.  // GAO Reports;7/22/2005, p1 

    Federal and state fiscal constraints may jeopardize past and future accomplishments resulting from the Clean Water Act (the act). In this environment, it is important to manage available resources as efficiently as possible and to identify future human capital needs, including the size of the...

