Computer Security:
Virus Highlights Need for Improved Internet Management
IMTEC-89-57: Published: Jun 12, 1989. Publicly Released: Jul 20, 1989.
Additional Materials:
- Full Report:
Contact:
(202) 512-4841
contact@gao.gov
Office of Public Affairs
(202) 512-4800
youngc1@gao.gov
Pursuant to a congressional request, GAO reviewed the November 1988 Internet computer virus incident.
GAO found that: (1) the Internet virus infected up to 6,000 computers within hours after it appeared, clogging systems and disrupting most of the nation's major research centers; (2) university computer experts eradicated the virus at most sites within 2 days; (3) the virus caused lost computer processing and staff time, but no permanent damage; (4) a few changes to the virus program could have resulted in widespread damage and compromise of sensitive or private information; (5) the incident highlighted such vulnerabilities as the lack of an Internet focal point for addressing security issues, security weaknesses at some sites, and problems in developing, distributing, and installing software fixes; and (6) agencies and groups have taken such actions as creating computer emergency response centers and issuing ethics statements. GAO also found that factors hindering prosecution of computer-virus-type incidents included the lack of federal statutes specifically directed at computer-virus-type incidents and the technical nature of computer-virus-type cases.
Recommendation for Executive Action
Status: Closed - Not Implemented
Comments: OSTP has not decided upon action, but does not intend to follow this recommendation. Action taken will be dependent on legislation introduced creating a National Research and Education Network. This bill has not yet been acted upon.
Recommendation: The President's Science Advisor, Office of Science and Technology Policy (OSTP), should coordinate, through the Federal Coordinating Council on Science, Engineering, and Technology, the establishment of an interagency group to serve as an Internet security focal point. This group should include representatives from the federal agencies that fund Internet research networks and should: (1) provide Internet-wide policy, direction, and coordination in security-related areas to help ensure that the vulnerabilities highlighted by the recent incidents are effectively addressed; (2) support efforts already underway to enhance Internet security and, where necessary, assist these efforts to ensure their success; (3) develop mechanisms for obtaining the involvement of Internet users, systems software vendors, industry and technical groups, such as the Internet Activities Board, and the National Institute of Standards and Technology and the National Security Agency, the government agencies with responsibilities for federal computer security; and (4) become an integral part of the structure that emerges to manage the National Research Network.
Agency Affected: Executive Office of the President: Office of Science and Technology Policy
Explore the full database of GAO's Open Recommendations
»
Explore the full database of GAO's Open Recommendations
Jul 31, 2018
Information Security:
IRS Needs to Rectify Control Deficiencies That Limit Its Effectiveness in Protecting Sensitive Financial and Taxpayer DataGAO-18-391: Published: Jul 31, 2018. Publicly Released: Jul 31, 2018.
Jul 25, 2018
-
High-Risk Series:
Urgent Actions Are Needed to Address Cybersecurity Challenges Facing the NationGAO-18-645T: Published: Jul 25, 2018. Publicly Released: Jul 25, 2018.
Jul 12, 2018
-
Information Security:
Supply Chain Risks Affecting Federal AgenciesGAO-18-667T: Published: Jul 12, 2018. Publicly Released: Jul 12, 2018.
Jun 14, 2018
-
Cybersecurity Workforce:
Agencies Need to Improve Baseline Assessments and Procedures for Coding PositionsGAO-18-466: Published: Jun 14, 2018. Publicly Released: Jun 14, 2018.
May 14, 2018
-
Protecting Classified Information:
Defense Security Service Should Address Challenges as New Approach Is PilotedGAO-18-407: Published: May 14, 2018. Publicly Released: May 14, 2018.
Apr 24, 2018
-
Cybersecurity:
DHS Needs to Enhance Efforts to Improve and Promote the Security of Federal and Private-Sector NetworksGAO-18-520T: Published: Apr 24, 2018. Publicly Released: Apr 24, 2018.
Mar 7, 2018
-
Cybersecurity Workforce:
DHS Needs to Take Urgent Action to Identify Its Position and Critical Skill RequirementsGAO-18-430T: Published: Mar 7, 2018. Publicly Released: Mar 7, 2018.
Feb 6, 2018
-
Cybersecurity Workforce:
Urgent Need for DHS to Take Actions to Identify Its Position and Critical Skill RequirementsGAO-18-175: Published: Feb 6, 2018. Publicly Released: Feb 6, 2018.
Sep 28, 2017
-
Federal Information Security:
Weaknesses Continue to Indicate Need for Effective Implementation of Policies and PracticesGAO-17-549: Published: Sep 28, 2017. Publicly Released: Sep 28, 2017.
Aug 3, 2017
-
Information Security:
OPM Has Improved Controls, but Further Efforts Are NeededGAO-17-614: Published: Aug 3, 2017. Publicly Released: Aug 3, 2017.
Looking for more? Browse all our products here
Explore our Key Issues on Information Security
Explore our other Key Issues here
