Virus worms into NMCI

For the first time in its short history, the Navy Marine Corps Intranet fell victim to an outside attack.

A virus, albeit a supposedly "good" one, wormed its way in-to the enterprisewide network last week, causing many users to lose e-mail and Internet connectivity.

NMCI users experienced "intermittent problems" connect-ing to outside networks, said Kevin Clarke, a spokesman for EDS, the lead vendor for the Navy's initiative to create a single network for its shore-based operations.

The network did not fully crash, and users still had access to their desktop applications, officials noted. NMCI personnel distributed a patch from secu-rity firm Symantec Corp.

"We are currently experiencing connectivity issues enteprise-wide to include e-mail, Web and shared-drive access due to a virus," said a hot line recording of the NMCI Strike Force, which is made up of Navy and contractor personnel who handle network problems.

The so-called Welchia worm roots through networks looking for the Blaster worm that debilitated so many networks last week and automatically downloads and applies the Microsoft patch. But it does so at the expense of processing speed and bandwidth.

It remains a mystery how the new worm got inside the NMCI network, according to Capt. Chris Christopher, NMCI's staff director. "We could bring the whole network down [to fix it], but we do not want to do that."

As of the morning of Aug. 21, the worm was still affecting about 5,000 computers, including those at a number of small, remote locations, Clarke said. Because of the log-on configurations at some of those facilities, the patch could not be downloaded remotely. Therefore, the Strike Force was sending people out to physically repair network infrastructure.

By Aug. 22, the network was about 95 percent operational and only cleanup remained, Christopher said. The investigation to determine how and where the worm made its way into the system is expected to take a few weeks, he said.

The slowdown is something of a blow to officials at the Navy and EDS because security has been one of the key factors in rolling out the nearly 400,000-seat network.

Until now, NMCI officials said that a virus had never successfully penetrated their network, despite more than 85,000 malicious attempts made on the system. Earlier this month, the Blaster worm affected some legacy systems, but no system moved to NMCI had been affected, a department spokesperson said at the time.

"It would be Pollyanna-ish to assume that this can't happen again, so we're going to take this as a learning experience," Christopher said. "We're going to develop lessons learned and apply those in the future."

Robert Guerra, a principal with the consulting firm Guerra, Kiviat, Flyzik and Associates Inc., said he doubts the outage will have any lasting effects on either EDS or the NMCI program.

"The history of the performance of the network is incredible," he said. "It's been up for a couple of years and this would mark the first time it's been down. The project has a responsible vendor who's done a great job at deploying a very complex network, and a very good customer in the Navy."

Guerra said he hopes people don't rush to any conclusions before the Navy can sort out what brought the network down.

"We had a power outage last week across several states and the border with Canada, but no one is looking to shut down" Con Edison, he said. "I hope this doesn't affect the program, because the Navy has decided this is the right way for the Navy to go."

The 2015 Federal 100

Meet 100 women and men who are doing great things in federal IT.

Featured

  • Shutterstock image (by venimo): e-learning concept image, digital content and online webinar icons.

    Can MOOCs make the grade for federal training?

    Massive open online courses can offer specialized IT instruction on a flexible schedule and on the cheap. That may not always mesh with government's preference for structure and certification, however.

  • Shutterstock image (by edel): graduation cap and diploma.

    Cybersecurity: 6 schools with the right stuff

    The federal government craves more cybersecurity professionals. These six schools are helping meet that demand.

  • Rick Holgate

    Holgate to depart ATF

    Former ACT president will take a job with Gartner, follow his spouse to Vienna, Austria.

  • Are VA techies slacking off on Yammer?

    A new IG report cites security and productivity concerns associated with employees' use of the popular online collaboration tool.

  • Shutterstock image: digital fingerprint, cyber crime.

    Exclusive: The OPM breach details you haven't seen

    An official timeline of the Office of Personnel Management breach obtained by FCW pinpoints the hackers’ calibrated extraction of data, and the government's step-by-step response.

  • Stephen Warren

    Deputy CIO Warren exits VA

    The onetime acting CIO at Veterans Affairs will be taking over CIO duties at the Office of the Comptroller of the Currency.

  • Shutterstock image: monitoring factors of healthcare.

    DOD awards massive health records contract

    Leidos, Accenture and Cerner pull off an unexpected win of the multi-billion-dollar Defense Healthcare Management System Modernization contract, beating out the presumptive health-records leader.

  • Sweating the OPM data breach -- Illustration by Dragutin Cvijanovic

    Sweating the stolen data

    Millions of background-check records were compromised, OPM now says. Here's the jaw-dropping range of personal data that was exposed.

  • FCW magazine

    Let's talk about Alliant 2

    The General Services Administration is going to great lengths to gather feedback on its IT services GWAC. Will it make for a better acquisition vehicle?

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above