Will Security Lapse Bring Another EPA Data Blackout?

August 22, 2012

More than a decade ago, on February 17, 2000, the entire EPA website was taken down for two weeks because of data security concerns raised by the House Energy Committee. There are faint hints that such events may be in the offing again.

EPA's website was quickly restored in 2000, but industry allies on House Energy did succeed in damaging public confidence in the security of EPA's site at a time when industry wanted to give less data to EPA.

EPA has spent a decade upgrading its computer systems and the security of its sprawling network. At the request of House Energy leaders, the Government Accountability Office (GAO) this summer finished (on July 19, 2012) another report chiding EPA for network security flaws still unfixed. The report was given to House Energy, but apparently not released, under a longstanding protocol that GAO reports are not released publicly until they have gone to Congressional requesters. This gives Congress a chance to release the reports, occasionally spun by accompanying press releases.

Then news occurred. On August 2, reporter Jill R. Aitoro at Washington Business Journal broke a story that a significant breach of EPA's network security had happened in March 2012.

Although official information is scarce, it appears that the breach came from a link to a contractor's computer and would potentially have harmed mainly EPA employees. There is currently no evidence that any actual harm occurred. More than two weeks later, on August 20, House Energy leaders released a press release about the GAO report. GAO released the report the same day. The release said system security flaws could be "jeopardizing the agency’s ability to protect confidential and sensitive information" — which translates at House Energy as industry secrets.