Government Watchdog Identifies Vulnerabilities in EPA’s Information Security

August 20, 2012

WASHINGTON, D.C. — A newly released report by the Government Accountability Office finds continued weaknesses in the Environmental Protection Agency’s network security. A bipartisan contingent of Energy and Commerce Committee members, led by Chairman Fred Upton (R-MI), requested that GAO audit EPA information security last year.

GAO’s review found security control weaknesses throughout EPA’s systems and networks, jeopardizing the agency’s ability to protect confidential and sensitive information. The report revealed the agency has not fully implemented controls necessary to prevent the unauthorized access to its networks. The government watchdog warned, “Without adequate safeguards, systems are vulnerable to individuals and groups with malicious intentions, who may obtain sensitive information, commit fraud, disrupt operations, or launch attacks against other computer systems and networks.”

According to the report, many of the weaknesses identified by GAO had been previously raised by the EPA Inspector General, but the agency has failed to adequately address the longstanding problems. The report called on EPA to take immediate remedial actions, stating, “[U]ntil EPA fully implements these controls, it will have limited assurance that its information and information systems are being adequately protected against unauthorized access, disclosure, modification, and loss.” GAO recommended 12 actions the Administrator should take to address weaknesses.

“Our oversight has shed much-needed light on the vulnerability of confidential information at federal agencies. This report raises serious questions about EPA’s dedication to ensuring robust information protection and underscores the urgency for the agency to address security weaknesses. We will continue our oversight with a review of EPA’s implementation of GAO’s recommendations in the coming months,” said Chairman Upton.

View the GAO report online HERE