In fighting viruses, agencies find that quick response proves crucial

In fighting viruses, agencies find that quick response proves crucial

DOE's John Gilligan says coordination is a security must.

By Christopher J. Dorobek

GCN Staff

A speedy response is the key to containing and blocking computer viruses, federal information technology executives learned as they labored under a recent barrage of infected e-mail messages.

'It was clear with the Love Bug that time becomes critical,' said Energy Department chief information officer John Gilligan.

'The difference between ILOVEYOU and other recent viruses ' is the speed at which it spread,' said Jack L. Brock Jr., director of governmentwide information issues at the General Accounting Office, said at a hearing of Senate Banking Subcommittee on Financial Institutions.

The government 'was not effective at detecting this virus early on and warning agencies about the imminent threat. Consequently, most agencies were affected,' Brock said.

Only two of the 20 agencies GAO contacted said they first learned of the virus from the General Services Administration's Federal Computer Incident Response Capability team.

Government officials acknowledged that the United States was slow to react to the signs of trouble coming from overseas.

The Financial Services Information Sharing and Analysis Center, a private-sector group of financial institutions established to share information about vulnerabilities, posted its first warning about the virus at 3 a.m. on May 4, GAO said, more than four hours before the FBI's National Infrastructure Protection Center started advising senior government officials.

To improve such communications, Gilligan said the CIO Council and FedCIRC are working on a plan to create a CIO Security Network, a virtual private network that would alert agencies to software viruses and other attacks.

The idea took root after the Melissa virus last year, he said, and gathered new momentum because of the recent rash of attacks.

FedCIRC director Dave Jarrell said the Love Bug and its lookalike viruses were the first generation of a new type of virus.

Mail is down

'The Love Bug in its first generation was proliferating so quickly, people went into panic mode,' he said. Many agencies took what seemed to be a reasonable step: They shut down their mail servers to thwart an epidemic.

But shutting down e-mail also closed off communications, Jarrell said. 'That was the worst thing they could have done,' he said. 'They created their own distributed denial-of-service by disconnecting their networks.'

Instead, agencies needed to stop Microsoft Windows' ability to propagate such viruses, he said.

FedCIRC sent an e-mail message at about 9:30 a.m., but by that time many agencies had shut down their mail servers. FedCIRC then attempted to fax agencies, but its list ran to more than 900 numbers.

'We couldn't do 900 faxes,' Jarrell said. 'We knew that.'

FedCIRC now has four PCs dedicated to sending faxes as a contingency. 'That's going to help us out, but that is still going to be slower than we need to do,' he said.

Sen. Robert Bennett (R-Utah), speaking last month at an Armed Forces Communications and Electronics Association conference, said the Love Bug was relatively unsophisticated, and he warned that damage from a more lethal attack could be far worse (see story, Page 14).


  • Records management: Look beyond the NARA mandates

    Pandemic tests electronic records management

    Between the rush enable more virtual collaboration, stalled digitization of archived records and managing records that reside in datasets, records management executives are sorting through new challenges.

  • boy learning at home (Travelpixs/

    Tucson’s community wireless bridges the digital divide

    The city built cell sites at government-owned facilities such as fire departments and libraries that were already connected to Tucson’s existing fiber backbone.

Stay Connected