WASHINGTON (05/10/2000) - The "Love Bug" was widely successful in infecting computer systems in North America and in exposing -- once again -- the ineffectiveness of government alerting systems in issuing warnings about such threats. That's what a U.S. House Committee on Science subcommittee heard today from a panel of experts about the virus or worm, which arrived virtually everywhere earlier this month.
"This was the most destructive, the fastest-propagating and the most pervasive virus to date," said Peter Tippett, chief scientist at ICSA.net in Reston, Virginia, who was among those who testified today.
Preliminary data from an ICSA survey of 62 companies with more than 200 desktop computers, found that 98% received copies of the virus and that 41 companies, or 65%, reported infections as a result of the worm-carrying e-mail, said Tippett.
With last year's Melissa virus, 20% of North American companies surveyed encountered the virus, and 15% were infected, said Tippett.
At least 14 major federal agencies said the virus had penetrated their systems.
"We still do not know the full effect of this virus on the agencies that were penetrated," said Keith Rhodes, who heads the information technology assessment division at the U.S. General Accounting Office.
Rhodes said government agencies weren't informed quickly enough about the threat.
"Like Melissa more than a year ago, little information was available early enough for agencies to take proactive steps to mitigate the damage," said Rhodes. "In a lot of ways, getting a snippet from CNN is more valuable then waiting for a full-blown response from a government agency."
The government needs a single "cyberczar," said Harris N. Miller, president of the Information Technology Association of America - a person who can play a role similar to what former federal Y2k chief John Koskinen had in organizing a government response to the year 2000 problem. The government needs someone who has "the authority and the ear of the president and can coordinate responses across government agencies," said Miller.
Technology Subcommittee Chairwoman Constance Morella (Republican-Maryland) said the committee has been hearing a "constant theme" about the problem, namely:
"Most systems are simply too vulnerable, and not enough is being done to protect critical information systems from attacks and corruption."
The subcommittee held a hearing on the Melissa virus one year ago last month.
At that time, the committee was warned that the next virus would be worse. The same warning was sounded again today.
But it still isn't easy for virus writers to succeed. Of the 50,000 viruses in ICSA.net's labs, only 500 or 600 have infected computers and an even smaller number have proved especially virulent, said Tippett.
Virus writers "are trying to make them work, but it's a lot like the biological iterations that have to happen before somebody stumbles onto something that happens to work," said Tippett.