Environmental Protection Agency Cybersecurity Weaknesses Remain Unpatched, IG Says

The Environmental Protection Agency says having limited resources is the reason why thousands of cybersecurity weaknesses have gone unaddressed in the Analytical Radiation Data System, which is used to detect radiological anomalies by processing monitoring data from the air, rain, soil and other materials.

According to the agency’s Office of the Inspector General, such vulnerabilities were not addressed within federally prescribed timeframes.

The watchdog added that public health could be at risk if ARaDS’ security issues remain unresolved.

A new IG report published on Wednesday identifies over 20,000 vulnerabilities in the agency’s network, potentially leaving remote computers open to denial-of-service attacks and other forms of hacking. In addition, eight weaknesses classified as critical did not receive sufficient remediation and tracking efforts.

Federal organizations typically receive two days from the National Institute of Standards and Technology to address critical vulnerabilities.

The IG gave ranked the EPA level three on its five-level cybersecurity maturity model spectrum, indicating that while information security procedures have consistently been implemented, quantitative and qualitative protections remain insufficient, FCW reported Wednesday.