GAO noted that: (1) unclassified information systems for scientific research are not consistently protected at all DOE laboratories; (2) although some laboratories are taking significant measures to strengthen access controls, many systems remain vulnerable; (3) in four recent cases, Internet-based attacks forced specific laboratories to disconnect their networks from the Internet, interrupting s

GAO noted that: (1) the nation's computer-based infrastructures are at increasing risk of severe disruption; (2) the dramatic increase of computer interconnectivity has provided pathways among systems that can be used to gain unauthorized access to data and operations from remote locations; (3) government officials are increasingly worried about attacks from individuals and groups with malicious

GAO noted that: (1) GAO's review found serious and pervasive problems that essentially render EPA's agencywide information security program ineffective; (2) current security program planning and management is largely a paper exercise that has done little to substantively identify, evaluate, and mitigate risks to the agency's data systems; (3) GAO's tests of computer-based controls have concluded

GAO noted that: (1) the agencies generally concurred with GAO recommendations and are taking steps to address the weaknesses; (2) GAO routinely follows up on recommendations made to agencies; (3) GAO has performed several reviews and issued a number of reports related to the status of computer security at the Department of Veterans Affairs (VA); (4) however, although periodic independent reviews

GAO noted that: (1) the dramatic increase of computer interconnectivity and the popularity of the Internet, while facilitating access to information, are factors that also make it easier for individuals and groups with malicious intentions to intrude into inadequately protected systems and use such access to obtain sensitive information, commit fraud, or disrupt operations; (2) attacks on and mis

GAO noted that: (1) serious weaknesses in DOD information security continue to provide both hackers and hundreds of thousands of authorized users the opportunity to modify, steal, inappropriately disclose, and destroy sensitive DOD data; (2) these weaknesses impair DOD's ability to: (a) control physical and electronic access to its systems and data; (b) ensure that software running on its systems

GAO noted that: (1) the recent series of attacks on federal web sites have primarily focused on defacing, or vandalizing web site content or initiating denial of service attacks in order to crash servers; (2) fortunately, the consequences of recent attacks on federal web sites have been largely confined to agency embarrassment and temporary shut downs in web site service; (3) in fact, web site at

GAO noted that: (1) Melissa is a macro virus that can affect users of Microsoft's Word 97 or Word 2000; (2) macro viruses are computer viruses that use an application's own macro programming language to reproduce themselves; (3) Melissa itself is delivered in a Word document; (4) once the Word document is opened, and the virus is allowed to run, Melissa: (a) checks to see if Word 97 or Word 2000

GAO noted that: (1) as the importance of computer security has increased, so have the rigor and frequency of federal audits in this area; (2) during the last 2 years, GAO and the agency inspectors general (IG) have evaluated computer-based controls on a wide variety of financial and nonfinancial systems supporting critical federal programs and operations; (3) the most recent set of audit results

GAO noted that: (1) the expanded amount of audit evidence that has become available since mid-1996 describes widespread and serious weaknesses in the federal government's ability to adequately protect: (a) federal assets from fraud and misuse; (b) sensitive information from inappropriate disclosure; and (c) critical operations, including some affecting public safety, from disruption; (2) signific