Computer Networks Feared at Risk of Disruption, GAO Report Warns

Computer networks used by government and business are increasingly at risk of severe disruption, and the federal government is not doing enough about the threat, congressional investigators said in a report to be made public today.

Security shortcomings jeopardize national defense, tax collection, law enforcement and air traffic control, among other key operations, the nonpartisan General Accounting Office said in a draft obtained by Reuters.

“At the federal level, these risks are not being adequately addressed,” said the GAO, the investigative and audit arm of Congress. The report was prepared for Sen. Robert Bennett, the Utah Republican who heads the Senate Special Committee on the Year 2000 Technology Problem.

The number of security incidents handled by Carnegie Mellon University’s CERT Coordination Center, a federally funded emergency response team, has risen from 1,334 in 1993 to 4,398 during the first half of this year, the report said.

Organized attacks, such as one code-named Solar Sunrise on Defense Department computers in February 1998, and computer viruses such as Melissa this year, highlight the government’s susceptibility, the GAO said.

It cited “even greater concerns” of some experts about private-sector systems that control energy, telecommunications, financial services, transportation and other vital services.

“Few reports are publicly available about the effectiveness of controls over privately controlled systems,” GAO said. It added that private entities were “understandably reluctant” to disclose vulnerabilities that might undercut customer confidence.

“Our nation’s computer-based critical infrastructures are at increasing risk of severe disruption,” it said, citing threats from hackers, terrorists and even foreign governments that are capable of computer-based “information warfare.”