Environmental protection agency training raises questions - WTRF 7 News Sports Weather - Wheeling Steubenville

Environmental protection agency training raises questions


Stephen Smoot is an educational director at a media foundation in Washington, D.C. He lives in Keyser with his wife and son.

Last month, the Inspector General of the Environmental Protection Agency released a critical report on its information security practices. Experts say that the problems revealed could jeopardize sensitive information gathered by the agency.

The report, released March 21, claims that information systems and data are "at risk." This stems from the inadequate training of staff members who handle and protect sensitive information.

Auditors working for the inspector general conducted web surveys of 356 EPA staff members and interviews with 87 EPA employees with "significant information security responsibilities." These staffers worked at EPA headquarters and also in branches in Chicago, Denver and the Research Triangle facility in Raleigh, North Carolina.

The E-Government Act of 2002 establishes training guidelines. It also defines 17 distinct roles to be filled in information security. Fifty-one percent of those surveyed claimed that they had no specific role-based information security training. Almost three-fourths of respondents said the online training was inadequate and not focused on EPA needs.

Mary Beth Wilson, a retired IBM consultant, echoes the inspector general's concerns. Any time an agency is not in compliance, she says, it brings "a tremendous risk." Establishing a security program, as laid out by federal law, is important. But standards and policies must be maintained. 

"Normal procedure is to have rules and regulations in place," she said. "Every week you are doing updates."

Wilson adds that "attacks can come from anywhere, from China, for that matter."

Inadequate information security for the Raleigh site is very problematic. According to the Office of Environmental Information at the EPA, the 24,000-square-foot Raleigh facility contains telecommunications facilities and the EPA's national data, and serves as the hub for six agency laboratories.

The OEI also describes "robust" procedures for protecting information. These include monthly vulnerability assessments, incident monitoring and reporting, third-party reviews, background checks and other safeguards.

Wilson called the government's responsibility for safeguarding information a "monumental task." She also said the EPA is not alone. Much of the federal government is "inconsistent" in this effort. Even worse, a problem in one office can quickly spread to systems in other offices.

These concerns come at a time when digital resources are more vulnerable than ever before. According to the Information Age, an explosion of "smart" devices combined with increasing reliance on cloud computing puts sensitive information at risk in every sector.

In response to the report, the EPA agreed to implement the recommended corrective actions.

EPA moves against coal mining permits, mandates on coal-fired power plants and suits against family farms have brought the agency under intense criticism in West Virginia in recent years.

The EPA press office did not provide answers to questions for this piece.