November 1988 Internet Computer Virus and the Vulnerability of National Telecommunications Networks to Computer Viruses
T-IMTEC-89-10: Published: Jul 20, 1989. Publicly Released: Jul 20, 1989.
GAO discussed the November 1988 Internet computer virus incident, during which a computer program disrupted national research networks' operations by entering their computers and continually reproducing. GAO noted that: (1) although the virus did not permanently damage the Internet, a slightly different program could have caused widespread network damage and compromise; (2) Internet vulnerabilities facilitating the spread of the virus included the lack of a security focal point, security weaknesses at host sites, and problems in resolving software holes; (3) federal computer-crime laws did not specifically address computer viruses; and (4) although some networks have established computer security response centers and issued ethics statements to address Internet vulnerabilities, such corrective actions as heightening users' security awareness, improving identified host-level weaknesses, and establishing a security focal point could further reduce vulnerabilities. GAO believes that, in light of the Internet's evolution into a high-speed, enhanced network system with greater accessibility and international connections, an interagency group should serve as an Internet security focal point to provide security policy, direction, and coordination.