Despite fending off Melissa virus, U.S. systems still vulnerable

The wildly proliferating Melissa macro virus that the government battled late last month underscored the need for agencies to improve inadequate system security practices, according to testimony presented at a House subcommittee hearing today.

"In facing the challenges of Melissa, one thing has become clear: Our federal systems are not adequately protected," said Constance Morella (R-Md.), chairwoman of the Technology Subcommittee of the House Science Committee.

The lack of adequate information security in the public and private sectors "has the potential to dwarf the millennium bug," she said. "Many people today still think that computer security is owning a backup disk drive."

Keith Rhodes, technical director for computers and telecommunications in the General Accounting Office's Accounting and Information Management Division, said Melissa is a "symptom of broader information security concerns across government."

In January the GAO again designated information security as a governmentwide high-risk area. Some of the security weaknesses GAO has identified include the inability to detect, protect against and recover from viruses such as Melissa.

Although agencies managed to contain Melissa, it is likely that the next virus will do more damage, Rhodes said. Therefore, "it is imperative that federal agencies and the government as a whole swiftly implement long-term solutions to protect systems and sensitive data," he said in his testimony.

Long-term solutions to the problems presented by Melissa will "require fundamental changes to the way technology is developed, packaged and used," said Richard Pethia, director of the Survivable Systems Initiative and the Computer Engineering Response Team Coordination Center at Carnegie-Mellon University's Software Engineering Institute. "It is critical that systems operators and product developers recognize that their systems and products are now operating in hostile environments."

Featured

  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.