Computer Security:

Virus Highlights Need for Improved Internet Management

IMTEC-89-57: Published: Jun 12, 1989. Publicly Released: Jul 20, 1989.

Additional Materials:


Jack L. Brock, Jr
(202) 512-4841


Office of Public Affairs
(202) 512-4800

Pursuant to a congressional request, GAO reviewed the November 1988 Internet computer virus incident.

GAO found that: (1) the Internet virus infected up to 6,000 computers within hours after it appeared, clogging systems and disrupting most of the nation's major research centers; (2) university computer experts eradicated the virus at most sites within 2 days; (3) the virus caused lost computer processing and staff time, but no permanent damage; (4) a few changes to the virus program could have resulted in widespread damage and compromise of sensitive or private information; (5) the incident highlighted such vulnerabilities as the lack of an Internet focal point for addressing security issues, security weaknesses at some sites, and problems in developing, distributing, and installing software fixes; and (6) agencies and groups have taken such actions as creating computer emergency response centers and issuing ethics statements. GAO also found that factors hindering prosecution of computer-virus-type incidents included the lack of federal statutes specifically directed at computer-virus-type incidents and the technical nature of computer-virus-type cases.

Recommendation for Executive Action

  1. Status: Closed - Not Implemented

    Comments: OSTP has not decided upon action, but does not intend to follow this recommendation. Action taken will be dependent on legislation introduced creating a National Research and Education Network. This bill has not yet been acted upon.

    Recommendation: The President's Science Advisor, Office of Science and Technology Policy (OSTP), should coordinate, through the Federal Coordinating Council on Science, Engineering, and Technology, the establishment of an interagency group to serve as an Internet security focal point. This group should include representatives from the federal agencies that fund Internet research networks and should: (1) provide Internet-wide policy, direction, and coordination in security-related areas to help ensure that the vulnerabilities highlighted by the recent incidents are effectively addressed; (2) support efforts already underway to enhance Internet security and, where necessary, assist these efforts to ensure their success; (3) develop mechanisms for obtaining the involvement of Internet users, systems software vendors, industry and technical groups, such as the Internet Activities Board, and the National Institute of Standards and Technology and the National Security Agency, the government agencies with responsibilities for federal computer security; and (4) become an integral part of the structure that emerges to manage the National Research Network.

    Agency Affected: Executive Office of the President: Office of Science and Technology Policy


Explore the full database of GAO's Open Recommendations »

Dec 21, 2020

Dec 17, 2020

Dec 7, 2020

  • science icon, source: National Cancer Institute

    Science & Tech Spotlight:

    Air Quality Sensors
    GAO-21-189SP: Published: Dec 7, 2020. Publicly Released: Dec 7, 2020.

Nov 30, 2020

Nov 20, 2020

Sep 3, 2020

Aug 31, 2020

Aug 11, 2020

Jul 30, 2020

Jul 28, 2020

  • science icon, source: National Cancer Institute

    Science & Tech Spotlight:

    Contact Tracing Apps
    GAO-20-666SP: Published: Jul 28, 2020. Publicly Released: Jul 28, 2020.

Looking for more? Browse all our products here