Computer Security:

Virus Highlights Need for Improved Internet Management

IMTEC-89-57: Published: Jun 12, 1989. Publicly Released: Jul 20, 1989.

Contact:

Jack L. Brock, Jr
(202) 512-4841
contact@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

Pursuant to a congressional request, GAO reviewed the November 1988 Internet computer virus incident.

GAO found that: (1) the Internet virus infected up to 6,000 computers within hours after it appeared, clogging systems and disrupting most of the nation's major research centers; (2) university computer experts eradicated the virus at most sites within 2 days; (3) the virus caused lost computer processing and staff time, but no permanent damage; (4) a few changes to the virus program could have resulted in widespread damage and compromise of sensitive or private information; (5) the incident highlighted such vulnerabilities as the lack of an Internet focal point for addressing security issues, security weaknesses at some sites, and problems in developing, distributing, and installing software fixes; and (6) agencies and groups have taken such actions as creating computer emergency response centers and issuing ethics statements. GAO also found that factors hindering prosecution of computer-virus-type incidents included the lack of federal statutes specifically directed at computer-virus-type incidents and the technical nature of computer-virus-type cases.

Status Legend:

More Info
  • Review Pending-GAO has not yet assessed implementation status.
  • Open-Actions to satisfy the intent of the recommendation have not been taken or are being planned, or actions that partially satisfy the intent of the recommendation have been taken.
  • Closed-implemented-Actions that satisfy the intent of the recommendation have been taken.
  • Closed-not implemented-While the intent of the recommendation has not been satisfied, time or circumstances have rendered the recommendation invalid.
    • Review Pending
    • Open
    • Closed - implemented
    • Closed - not implemented

    Recommendation for Executive Action

    Recommendation: The President's Science Advisor, Office of Science and Technology Policy (OSTP), should coordinate, through the Federal Coordinating Council on Science, Engineering, and Technology, the establishment of an interagency group to serve as an Internet security focal point. This group should include representatives from the federal agencies that fund Internet research networks and should: (1) provide Internet-wide policy, direction, and coordination in security-related areas to help ensure that the vulnerabilities highlighted by the recent incidents are effectively addressed; (2) support efforts already underway to enhance Internet security and, where necessary, assist these efforts to ensure their success; (3) develop mechanisms for obtaining the involvement of Internet users, systems software vendors, industry and technical groups, such as the Internet Activities Board, and the National Institute of Standards and Technology and the National Security Agency, the government agencies with responsibilities for federal computer security; and (4) become an integral part of the structure that emerges to manage the National Research Network.

    Agency Affected: Executive Office of the President: Office of Science and Technology Policy

    Status: Closed - Not Implemented

    Comments: OSTP has not decided upon action, but does not intend to follow this recommendation. Action taken will be dependent on legislation introduced creating a National Research and Education Network. This bill has not yet been acted upon.

    Apr 17, 2014

    Apr 2, 2014

    Jan 28, 2014

    Jan 8, 2014

    Sep 26, 2013

    Feb 20, 2013

    Feb 1, 2013

    Sep 27, 2012

    Sep 18, 2012

    Jul 17, 2012

    Looking for more? Browse all our products here