Critical Infrastructure Protection:
'ILOVEYOU' Computer Virus Highlights Need for Improved Alert and Coordination Capabilities
T-AIMD-00-181: Published: May 18, 2000. Publicly Released: May 18, 2000.
Additional Materials:
- Full Report:
Contact:
(202) 512-4841
contact@gao.gov
Office of Public Affairs
(202) 512-4800
youngc1@gao.gov
Pursuant to a congressional request, GAO discussed the ILOVEYOU computer virus, focusing on measures that can be taken to mitigate the effects of future attacks.
GAO noted that: (1) ILOVEYOU is both a virus and a worm; (2) worms propagate themselves through networks, and viruses destroy files and replicate themselves by manipulating files; (3) the damage resulting from this hybrid is limited to users of the Microsoft Windows operating system; (4) ILOVEYOU typically comes in the form of an electronic mail (e-mail) message from someone the recipient knows; (5) when opened and allowed to run, the virus attempts to send copies of itself to all entries in all of the recipient's address books; (6) soon after initial reports of the virus surfaced in Asia, the virus proliferated rapidly throughout the rest of the world; (7) recognizing the increasing computer-based risks to the nation's critical infrastructures, the federal government has taken steps over the past several years to create capabilities for effectively detecting, analyzing, and responding to cyber-based attacks; (8) however, the events and responses spawned by ILOVEYOU demonstrate both the challenge of providing timely warnings against information based threats and the increasing need for the development of national warning capabilities; (9) the National Infrastructure Protection Center (NIPC) is responsible for serving as the focal point in the federal government for gathering information on threats as well as facilitating and coordinating the federal government's response to incidents impacting key infrastructures; (10) once an imminent threat is identified, appropriate warnings and response actions must be effectively coordinated among federal agencies, the private sector, state and local governments, and other nations; (11) NIPC has had some success in providing early warnings on threats, but had less success with the ILOVEYOU virus; (12) for over 2 hours after NIPC first learned of the virus, it checked other sources in attempts to verify the initial information, with limited success; (13) NIPC did not issue an alert about ILOVEYOU on its own web page until hours after federal agencies were reportedly hit; (14) agencies themselves responded promptly and appropriately once they learned about the virus; (15) GAO found that the few federal components that either discovered or were alerted to the virus early did not effectively warn others; (16) to prevent future virus attacks, agencies can teach computer users that e-mail attachments are not always what they seem and that they should be careful when opening them; and (17) agencies can ensure that up-to-date virus detection software has been installed on their systems.
Sep 7, 2018
Broadband Internet:
FCC's Data Overstate Access on Tribal LandsGAO-18-630: Published: Sep 7, 2018. Publicly Released: Sep 7, 2018.
Jan 9, 2018
-
Telecommunications:
FCC Should Improve Monitoring of Industry Efforts to Strengthen Wireless Network ResiliencyGAO-18-198: Published: Dec 12, 2017. Publicly Released: Jan 9, 2018.
Nov 27, 2017
-
Internet of Things:
FCC Should Track Growth to Ensure Sufficient Spectrum Remains AvailableGAO-18-71: Published: Nov 16, 2017. Publicly Released: Nov 27, 2017.
Oct 30, 2017
-
Emergency Communications:
Overlap and Views on the Effectiveness of Organizations Promoting the Interoperability of EquipmentGAO-18-173R: Published: Oct 30, 2017. Publicly Released: Oct 30, 2017.
Oct 12, 2017
-
Firstnet:
Efforts to Establish the Public-Safety Broadband NetworkGAO-18-187T: Published: Oct 12, 2017. Publicly Released: Oct 12, 2017.
Sep 29, 2017
-
Video Programming:
FCC Should Conduct Additional Analysis to Evaluate Need for Set-Top Box RegulationGAO-17-785: Published: Sep 29, 2017. Publicly Released: Sep 29, 2017.
Sep 21, 2017
-
Telecommunications:
Agencies Need to Apply Transition Planning Practices to Reduce Potential Delays and Added CostsGAO-17-464: Published: Sep 21, 2017. Publicly Released: Sep 21, 2017.
Sep 19, 2017
-
Broadband:
Additional Stakeholder Input Could Inform FCC Actions to Promote CompetitionGAO-17-742: Published: Sep 19, 2017. Publicly Released: Sep 19, 2017.
Sep 14, 2017
-
Telecommunications:
Additional Action Needed to Mitigate Significant Risks in FCC's Lifeline ProgramGAO-17-805T: Published: Sep 14, 2017. Publicly Released: Sep 14, 2017. -
Telecommunications:
FCC Updated Its Enforcement Program, but Improved Transparency Is NeededGAO-17-727: Published: Sep 14, 2017. Publicly Released: Sep 14, 2017.
Looking for more? Browse all our products here
Explore our Key Issues on TelecommunicationsExplore our other Key Issues here
