GAO Finds Commerce Computers at Risk
Computer security investigators from the General Accounting Office (GAO) succeeded in 996 of 1000 attempts to access protected, sensitive data on Department of Commerce computers.
Not good at all, the GAO told the House Energy and Commerce subcommittee on August 3.
Sensitive information, including non-publishable census data and classified data on foreign trade stored on Commerce Department computer systems, was found to be at risk.
Not only were GAO investigators able to gain control of several Commerce systems, they found evidence that previous access of the systems by outside hackers had gone undetected by Commerce Department computer security systems.
Summarizing its findings in a report titled, Information Security: Weaknesses Place Commerce Data and Operations at Serious Risk (Report GAO-01-1004T), the GAO states:
"At the seven Commerce organizations we reviewed, significant and pervasive computer security weaknesses exist that place sensitive Commerce systems at serious risk. Using readily available software and common techniques, we demonstrated the ability to penetrate sensitive Commerce systems from both inside Commerce and remotely, such as through the Internet. Individuals, both within and outside Commerce, could gain unauthorized access to these systems and read, copy, modify, and delete sensitive economic, financial, personnel, and confidential business data. Moreover, intruders could disrupt the operations of systems that are critical to the mission of the department. Additionally, unauthorized access to sensitive systems may not be detected in time to prevent or minimize damage. The underlying cause for the numerous weaknesses we identified was the lack of an effective program to manage information security."
Major Commerce Department computer security weaknesses cited by the GAO included weak or non-existent password requirements, failure to update security software, inadequate controls to prevent access from the Internet and lack of an adequate security management program.
Or, as House Energy and Commerce Committee Chairman Rep. Billy Tauzin (R-LA) stated, the GAO report "basically says you can walk around there undetected."

