Computer Security:
Virus Highlights Need for Improved Internet Management
IMTEC-89-57: Published: Jun 12, 1989. Publicly Released: Jul 20, 1989.
Additional Materials:
- Full Report:
Contact:
(202) 512-4841
contact@gao.gov
Office of Public Affairs
(202) 512-4800
youngc1@gao.gov
Pursuant to a congressional request, GAO reviewed the November 1988 Internet computer virus incident.
GAO found that: (1) the Internet virus infected up to 6,000 computers within hours after it appeared, clogging systems and disrupting most of the nation's major research centers; (2) university computer experts eradicated the virus at most sites within 2 days; (3) the virus caused lost computer processing and staff time, but no permanent damage; (4) a few changes to the virus program could have resulted in widespread damage and compromise of sensitive or private information; (5) the incident highlighted such vulnerabilities as the lack of an Internet focal point for addressing security issues, security weaknesses at some sites, and problems in developing, distributing, and installing software fixes; and (6) agencies and groups have taken such actions as creating computer emergency response centers and issuing ethics statements. GAO also found that factors hindering prosecution of computer-virus-type incidents included the lack of federal statutes specifically directed at computer-virus-type incidents and the technical nature of computer-virus-type cases.
Recommendation for Executive Action
Status: Closed - Not Implemented
Comments: OSTP has not decided upon action, but does not intend to follow this recommendation. Action taken will be dependent on legislation introduced creating a National Research and Education Network. This bill has not yet been acted upon.
Recommendation: The President's Science Advisor, Office of Science and Technology Policy (OSTP), should coordinate, through the Federal Coordinating Council on Science, Engineering, and Technology, the establishment of an interagency group to serve as an Internet security focal point. This group should include representatives from the federal agencies that fund Internet research networks and should: (1) provide Internet-wide policy, direction, and coordination in security-related areas to help ensure that the vulnerabilities highlighted by the recent incidents are effectively addressed; (2) support efforts already underway to enhance Internet security and, where necessary, assist these efforts to ensure their success; (3) develop mechanisms for obtaining the involvement of Internet users, systems software vendors, industry and technical groups, such as the Internet Activities Board, and the National Institute of Standards and Technology and the National Security Agency, the government agencies with responsibilities for federal computer security; and (4) become an integral part of the structure that emerges to manage the National Research Network.
Agency Affected: Executive Office of the President: Office of Science and Technology Policy
Explore the full database of GAO's Open Recommendations
»
Dec 21, 2020
-
Science & Tech Spotlight:
Tracing the Source of Chemical WeaponsGAO-21-271SP: Published: Dec 21, 2020. Publicly Released: Dec 21, 2020.
Dec 17, 2020
-
Federal Research:
Agencies Need to Enhance Policies to Address Foreign InfluenceGAO-21-130: Published: Dec 17, 2020. Publicly Released: Dec 17, 2020.
Dec 7, 2020
-
Science & Tech Spotlight:
Air Quality SensorsGAO-21-189SP: Published: Dec 7, 2020. Publicly Released: Dec 7, 2020.
Nov 30, 2020
-
Artificial Intelligence in Health Care:
Benefits and Challenges of Technologies to Augment Patient CareGAO-21-7SP: Published: Nov 30, 2020. Publicly Released: Nov 30, 2020.
Nov 20, 2020
-
Biomedical Research:
NIH Should Publicly Report More Information about the Licensing of Its Intellectual PropertyGAO-21-52: Published: Oct 22, 2020. Publicly Released: Nov 20, 2020.
Sep 3, 2020
-
Defense Science and Technology:
Opportunities to Better Integrate Industry Independent Research and Development into DOD PlanningGAO-20-578: Published: Sep 3, 2020. Publicly Released: Sep 3, 2020.
Aug 31, 2020
-
Science & Tech Spotlight:
Consumer Electronics RecyclingGAO-20-712SP: Published: Aug 31, 2020. Publicly Released: Aug 31, 2020.
Aug 11, 2020
-
Facial Recognition Technology:
Privacy and Accuracy Issues Related to Commercial UsesGAO-20-522: Published: Jul 13, 2020. Publicly Released: Aug 11, 2020.
Jul 30, 2020
-
Covid-19:
Data Quality and Considerations for Modeling and AnalysisGAO-20-635SP: Published: Jul 30, 2020. Publicly Released: Jul 30, 2020.
Jul 28, 2020
-
Science & Tech Spotlight:
Contact Tracing AppsGAO-20-666SP: Published: Jul 28, 2020. Publicly Released: Jul 28, 2020.
Looking for more? Browse all our products here