EPA Computers Are Vulnerable, Congressman Says

Hackers could penetrate the Environmental Protection Agency’s secure computers, and the agency should cut them off the Internet to provide protection, a House committee chairman said Wednesday.

“Virtually all of [the EPA’s] computer data and systems may be highly vulnerable to penetration, misuses or attack by unauthorized users via the Internet,” claimed Rep. Thomas Bliley (R-Va.), chairman of the House Commerce Committee, citing a not-yet-released report to his committee about EPA computer security problems.

Bliley said investigators from the General Accounting Office in December were able to penetrate sensitive areas of the EPA computer system through the agency’s public Web site and gain access to sensitive material not generally available to the public.

The report was to have been presented at a hearing today, but Bliley on Wednesday abruptly canceled the hearing and instead released a copy of a letter he had sent to EPA Administrator Carol Browner, urging her to shut down the EPA’s publicly accessible Web site.

EPA spokesman David Cohen said the agency has been aware for some time of the GAO’s findings in December and had improved security of the EPA computer system.

He said that for the time being, the EPA has no plans to shut down the Web site, “but as we continue to evaluate our security needs we will do whatever is necessary to ensure computer security.”

The agency site contains a vast array of public data from statistics on air pollution to the amount of toxic chemicals a company releases into a community and pollution levels in lakes and streams.

“The majority of information on EPA’s web site is public information,” said Cohen. “In that portion of our computer system that is proprietary, we have taken steps to build in fire walls, strengthen security, and we will continue to do whatever is necessary to upgrade security.”

But Bliley accused Browner of “gross mismanagement of cyber security” and charged that she had not taken adequate steps to ensure protection for EPA’s data on secure computer systems--including confidential financial and trade information provided by companies as part of a regulatory proceeding.

Bliley in his letter provided no specific information on what data was penetrated, but said that the GAO investigation had uncovered “major vulnerabilities.” A committee source, familiar with the GAO report, said that GAO investigators had penetrated sensitive nonpublic computer systems by breaking access codes and other means using the EPA’s Internet connection as a window.

Under Browner the EPA has expanded dramatically the availability of environmental data on its publicly accessible Internet Web site and touted the increased ability of the public to access such information to make decisions on environmental protection and their health and safety.

Some environmentalists accused Bliley of trying to stir up controversy to intimidate the EPA and make such information unavailable.

“This is nothing more than an attempt to keep the American people from getting important environmental information. It’s really outrageous,” said Daniel Weiss of the Sierra Club.