Security problems are found in Commerce Dept. computers By D. IAN HOPPER The Associated Press

WASHINGTON - Computer security at the Commerce Department is deplorable, a Republican congressman said Friday after releasing a report saying America’s business secrets there are vulnerable to hackers.

The huge department’s computer systems contain sensitive information on such subjects as export controls, patents and trademarks.

The report, prepared by the General Accounting Office, states that Commerce fails on all computer security fronts, failing to prevent, detect and respond to attacks.

Rep. James Greenwood, R-Pa., said the investigators uncovered an undetected hacker attack during their inquiry.

‘‘GAO reports that its hackers gained access to one system, only to find that a Russian hacker had been there before them without the department’s apparent knowledge,’’ said Greenwood, chairman of the House Commerce Committee’s oversight panel. The investigators did not say if any information was stolen or changed.

‘‘The state of the department’s security was truly deplorable,’’ Greenwood said.

Investigators found that by using free, easy-to-find hacking tools, almost anyone could have free rein within Commerce’s networks.

‘‘Individuals, both within and outside Commerce, could gain unauthorized access to these systems and read, copy, modify and delete sensitive economic, financial, personnel and confidential business data,’’ the report says.

The GAO discovered many Commerce systems without passwords, or with easily guessed passwords like the word ‘‘password.’’ They found many employees with high-level network access who didn’t need such access on an everyday basis.

The Commerce Department’s own top watchdog, Inspector General Johnnie E. Frazier, said many former employees still have open accounts on the department’s networks.

‘‘We have people who have been out of the Department of Commerce for three years . . . who still have access to the systems,’’ Frazier said.

Lawmakers noted that, in 1999, Frazier’s office reported many of the problems that still exist. Frazier lamented that he doesn’t have enough power to force change.

House Commerce Committee chairman Billy Tauzin, along with other Republicans, blamed the Clinton administration for the problems.

‘‘It is clear to me that, despite what the former president might have said about the importance of computer security, his administration failed to take actions to make the protection of our nation’s critical cyber-assets a true priority,’’ Tauzin said.

The department’s new top technology official, Samuel W. Bodman, said he agreed with each criticism and took responsibility for the problem.

‘‘I’m as concerned as the committee, perhaps more so,’’ Bodman said.

Bodman said the department has created an information security task force, and is restructuring its technology department.

‘‘I, frankly, am embarrassed to be here in front of you,’’ he said.

Greenwood, whose subcommittee has spotlighted computer security problems throughout the executive branch, said he will continue to watch the department’s progress but gave Bodman a pass. Bodman started his job just six days ago.

‘‘You don’t have to be embarrassed yet,’’ Greenwood said. ‘‘We’ll let you know.’’

http://www.chieftain.com/saturday/business/index/article/6

©1996-2000 The pueblo Chieftain Online

-- Martin Thompson (mthom1927@aol.com), August 04, 2001