Despite fending off Melissa virus, U.S. systems still vulnerable

The wildly proliferating Melissa macro virus that the government battled late last month underscored the need for agencies to improve inadequate system security practices, according to testimony presented at a House subcommittee hearing today.

"In facing the challenges of Melissa, one thing has become clear: Our federal systems are not adequately protected," said Constance Morella (R-Md.), chairwoman of the Technology Subcommittee of the House Science Committee.

The lack of adequate information security in the public and private sectors "has the potential to dwarf the millennium bug," she said. "Many people today still think that computer security is owning a backup disk drive."

Keith Rhodes, technical director for computers and telecommunications in the General Accounting Office's Accounting and Information Management Division, said Melissa is a "symptom of broader information security concerns across government."

In January the GAO again designated information security as a governmentwide high-risk area. Some of the security weaknesses GAO has identified include the inability to detect, protect against and recover from viruses such as Melissa.

Although agencies managed to contain Melissa, it is likely that the next virus will do more damage, Rhodes said. Therefore, "it is imperative that federal agencies and the government as a whole swiftly implement long-term solutions to protect systems and sensitive data," he said in his testimony.

Long-term solutions to the problems presented by Melissa will "require fundamental changes to the way technology is developed, packaged and used," said Richard Pethia, director of the Survivable Systems Initiative and the Computer Engineering Response Team Coordination Center at Carnegie-Mellon University's Software Engineering Institute. "It is critical that systems operators and product developers recognize that their systems and products are now operating in hostile environments."

Featured

  • Defense
    Soldiers from the Old Guard test the second iteration of the Integrated Visual Augmentation System (IVAS) capability set during an exercise at Fort Belvoir, VA in Fall 2019. Photo by Courtney Bacon

    IVAS and the future of defense acquisition

    The Army’s Integrated Visual Augmentation System has been in the works for years, but the potentially multibillion deal could mark a paradigm shift in how the Defense Department buys and leverages technology.

  • Cybersecurity
    Deputy Secretary of Homeland Security Alejandro Mayorkas  (U.S. Coast Guard photo by Petty Officer 3rd Class Lora Ratliff)

    Mayorkas announces cyber 'sprints' on ransomware, ICS, workforce

    The Homeland Security secretary announced a series of focused efforts to address issues around ransomware, critical infrastructure and the agency's workforce that will all be launched in the coming weeks.

Stay Connected