Please disable your Ad Blocker to better interact with this website.

  • EPA Doesn’t Know About Dozens Of It’s Own IT Systems

    Environmental Protection Agency officials can’t keep track of their information technology systems, which increases the risk of data breaches that could cost taxpayers at least $12 million, a government watchdog reported Monday.

    The EPA lacks a complete list of its IT systems that are managed by contractors, meaning officials can’t properly ensure the systems’ cyber-security, and could mean the agency is paying for multiple systems that perform duplicative functions, according to the EPA Inspector General.

    “The EPA risks being unable to effectively mitigate security vulnerabilities and unable to protect the organization’s resources and data from undue harm,” the IG said. “The EPA’s official IT systems inventory does not contain all contractor systems. Our analysis of this list showed that 22 contractor systems and an initiative were not reported.”

    Having an incomplete IT systems database is a significant problem because “managerial oversight of contractor compliance with information security control is critical for maintaining the public’s confidence in the environmental impacts achieved through EPA programs, as well as for helping avoid costs associated with data breaches.

    “Without a complete inventory of contractor systems, the agency cannot ensure that all IT systems, services and models are receiving the appropriate level of IT governance. Furthermore, without a complete inventory, there is no way to determine if there are systems already developed or acquired that will meet current or future” needs.

    Also, the EPA didn’t ensure “contractors conducted their annual security assessments,” the IG said. In fact, some officials weren’t even aware that they had oversight responsibilities. “We found that the EPA did not provide oversight of contractors implementing EPA information security procedures because responsible personnel were unaware of the requirements.”

    In the past, “data maintained by a third party and residing at the vendor’s site were breached on multiple occasions,” the IG said.

    A lack of security assessments could cause “a compromised system or the inability to subvert a data breach,” the report said. “As a result, the EPA could potential spend from $1.4 million to over $12 million to mitigate data breaches on the systems we reviewed.”

    Follow Ethan on Twitter

    Content created by The Daily Caller News Foundation is available without charge to any eligible news publisher that can provide a large audience. For licensing opportunities of our original content, please contact licensing@dailycallernewsfoundation.org.

    Content created by The Daily Caller News Foundation is available without charge to any eligible news publisher that can provide a large audience. For licensing opportunities of our original content, please contact licensing@dailycallernewsfoundation.org.

    Content created by The Daily Caller News Foundation is available without charge to any eligible news publisher that can provide a large audience. For licensing opportunities of our original content, please contact licensing@dailycallernewsfoundation.org.

    Powered by WPeMatico


    Surge Wire

    Breaking news and analysis from around the globe courtesy of Daily Surge.

    Join the discussion. Leave a comment.

    We have no tolerance for comments containing violence, racism, vulgarity, profanity, all caps, or discourteous behavior. Thank you for partnering with us to maintain a courteous and useful public environment where we can engage in reasonable discourse.





    Trending Now on Daily Surge

    Our Privacy Policy has been updated to support the latest regulations.Click to learn more.×

    Send this to a friend