Critical Infrastructure Protection:
'ILOVEYOU' Computer Virus Highlights Need for Improved Alert and Coordination Capabilities
T-AIMD-00-181: Published: May 18, 2000. Publicly Released: May 18, 2000.
Additional Materials:
- Full Report:
Contact:
(202) 512-4841
contact@gao.gov
Office of Public Affairs
(202) 512-4800
youngc1@gao.gov
Pursuant to a congressional request, GAO discussed the ILOVEYOU computer virus, focusing on measures that can be taken to mitigate the effects of future attacks.
GAO noted that: (1) ILOVEYOU is both a virus and a worm; (2) worms propagate themselves through networks, and viruses destroy files and replicate themselves by manipulating files; (3) the damage resulting from this hybrid is limited to users of the Microsoft Windows operating system; (4) ILOVEYOU typically comes in the form of an electronic mail (e-mail) message from someone the recipient knows; (5) when opened and allowed to run, the virus attempts to send copies of itself to all entries in all of the recipient's address books; (6) soon after initial reports of the virus surfaced in Asia, the virus proliferated rapidly throughout the rest of the world; (7) recognizing the increasing computer-based risks to the nation's critical infrastructures, the federal government has taken steps over the past several years to create capabilities for effectively detecting, analyzing, and responding to cyber-based attacks; (8) however, the events and responses spawned by ILOVEYOU demonstrate both the challenge of providing timely warnings against information based threats and the increasing need for the development of national warning capabilities; (9) the National Infrastructure Protection Center (NIPC) is responsible for serving as the focal point in the federal government for gathering information on threats as well as facilitating and coordinating the federal government's response to incidents impacting key infrastructures; (10) once an imminent threat is identified, appropriate warnings and response actions must be effectively coordinated among federal agencies, the private sector, state and local governments, and other nations; (11) NIPC has had some success in providing early warnings on threats, but had less success with the ILOVEYOU virus; (12) for over 2 hours after NIPC first learned of the virus, it checked other sources in attempts to verify the initial information, with limited success; (13) NIPC did not issue an alert about ILOVEYOU on its own web page until hours after federal agencies were reportedly hit; (14) agencies themselves responded promptly and appropriately once they learned about the virus; (15) GAO found that the few federal components that either discovered or were alerted to the virus early did not effectively warn others; (16) to prevent future virus attacks, agencies can teach computer users that e-mail attachments are not always what they seem and that they should be careful when opening them; and (17) agencies can ensure that up-to-date virus detection software has been installed on their systems.
Jan 25, 2021
-
Southwest Border:
DHS and DOJ Have Implemented Expedited Credible Fear Screening Pilot Programs, but Should Ensure Timely Data EntryGAO-21-144: Published: Jan 25, 2021. Publicly Released: Jan 25, 2021.
Jan 21, 2021
-
Chemical Security:
Overlapping Programs Could Better Collaborate to Share Information and Identify Potential Security GapsGAO-21-12: Published: Jan 21, 2021. Publicly Released: Jan 21, 2021.
Jan 19, 2021
-
DHS Annual Assessment:
Most Acquisition Programs Are Meeting Goals but Data Provided to Congress Lacks Context Needed For Effective OversightGAO-21-175: Published: Jan 19, 2021. Publicly Released: Jan 19, 2021.
Dec 16, 2020
-
Coast Guard:
Actions Needed to Improve National Vessel Documentation Center OperationsGAO-21-100: Published: Dec 16, 2020. Publicly Released: Dec 16, 2020.
Nov 23, 2020
-
Southwest Border:
Information on Federal Agencies' Process for Acquiring Private Land for BarriersGAO-21-114: Published: Nov 17, 2020. Publicly Released: Nov 23, 2020.
Nov 12, 2020
-
Coast Guard Acquisitions:
Opportunities Exist to Reduce Risk for the Offshore Patrol Cutter ProgramGAO-21-9: Published: Oct 28, 2020. Publicly Released: Nov 12, 2020.
Oct 29, 2020
-
TSA Acquisitions:
TSA Needs to Establish Metrics and Evaluate Third Party Testing Outcomes for Screening TechnologiesGAO-21-50: Published: Oct 29, 2020. Publicly Released: Oct 29, 2020.
Oct 20, 2020
-
Homeland Security Acquisitions:
DHS Has Opportunities to Improve Its Component Acquisition OversightGAO-21-77: Published: Oct 20, 2020. Publicly Released: Oct 20, 2020.
Sep 30, 2020
-
Disaster Assistance:
Additional Actions Needed to Strengthen FEMA's Individuals and Households ProgramGAO-20-503: Published: Sep 30, 2020. Publicly Released: Sep 30, 2020. -
Supplemental Material for GAO-20-503:
FEMA Individuals and Households Program Applicant Data 2016 – 2018GAO-20-675SP: Published: Sep 30, 2020. Publicly Released: Sep 30, 2020.
Looking for more? Browse all our products here