- The Washington Times - Friday, August 24, 2001


A congressional report yesterday cited at least one federal agency for major computer security weaknesses that may place sensitive data at risk, and said other agencies may be vulnerable as well.
The General Accounting Office report said the weaknesses at the Commerce Department could jeopardize "sensitive economic, financial, personnel and confidential business data."
Additionally, the systems may be vulnerable to hackers who could disrupt operations of the agency.
"Significant and pervasive computer security weaknesses place sensitive Department of Commerce systems at risk," said the GAO, the investigative arm of Congress.
Among the data housed in the Commerce Department computers are Bureau of Export Administration data relating to national security, nuclear proliferation, missile technology, and chemical and biological warfare.
"Commerce's ability to fulfill its mission depends on the confidentiality, integrity, and availability of this sensitive information," the report said.
"For example, export data … reflect technologies that have both civil and military applications… . Much of these data are also business proprietary. If it were compromised, the business could not only lose its market share, but dangerous technologies might end up in the hands of renegade nations who threaten our national security or that of other nations."
The report said there may be similar security problems at other federal government agencies.
A report last September by the GAO found "significant computer security weaknesses" in 24 of the largest federal agencies, including Commerce.
The GAO noted that the number of computer security incidents reported to the government-funded CERT Coordination Center rose from 9,859 in 1999 to 21,756 in 2000 and that in the first six months of 2001, 15,476 incidents were reported.
The GAO said that a separate government computer security center reported that in 2000, the number of attacks rose to 586 incidents affecting 575,568 federal systems and 148 military systems.
It said that 155 of the incidents resulted in a compromise of computer data and that in at least five cases, "access to sensitive information had been obtained."
At the time of the latest review, the Commerce Department's chief information officer "acknowledged that the information security program was ineffective, but believed that he had neither the authority nor adequate resources to effectively strengthen it."
In response to the investigation, Commerce Secretary Donald L. Evans on July 23 established a task force on information security to develop a "comprehensive and effective program for the department," the GAO said.

Sign up for Daily Newsletters

Manage Newsletters

Copyright © 2020 The Washington Times, LLC. Click here for reprint permission.

Please read our comment policy before commenting.


Click to Read More and View Comments

Click to Hide