Can be Done to Reduce the Threats Posed by Computer Viruses and Worms
to the Workings of Government"
August 29, 2001
A quorum being present, this hearing of the Subcommittee
on Government Efficiency, Financial Management and Intergovernmental Relations
will come to order.
The dramatic increase in computer use and the Internet
are changing the way we communicate and conduct business. With 58 percent
of Americans now having home Internet access, our Federal, State, and
local governments increasingly rely on the Internet to conduct business.
More than 40 million Americans now perform such routine activities as
filing income tax returns, health benefit claims, and renewing driver's
licenses electronically. In addition to this wealth of personal information,
the government's computer systems hold information that is vital to the
security and economic well-being of this Nation.
Unfortunately, these systems are increasingly vulnerable
to hostile attacks that are capable of extracting unauthorized information
and potentially threatening the Nation's infrastructure. Overall,
the number and sophistication of these attacks is rising dramatically.
According to the federally funded CERT Coordination Center the number
of incidents rose from 9,859 in 1999 to 21,765 in 2000. So far this year,
15,476 incidents have been reported. An increasing number of these attacks,
often in the form of viruses or worms, specifically target government
There are more than 48,000 known worms and viruses
which enable hackers to gain access to systems and data stored on the
infected computers. Some of the most destructive of these programs can
delete system and application software and even destroy the hardware itself.
There are nearly 110 million computers with Internet
connections, and, as we have seen, these potentially devastating viruses
or worms can become an epidemic in microseconds. In 1999, for example,
the Melissa virus gained notoriety because of the speed at which it spread.
The first confirmed reports of Melissa were received on Friday, March
26, 1999. By Monday, March 29, the virus had affected more than 100,000
Last year, the "ILOVEYOU" virus created
worldwide havoc in a matter of days, costing an estimated $8.7 billion
dollars to fix. And last month, worms, called
Code Red I and II, burrowed into nearly 1 million computers and affected
an estimated 100 million computer users worldwide. E-mail systems went
down for days. Workers were locked out of crucial computer files, and
some e-commerce ground to a halt. Government web sites came under siege,
with the Pentagon shutting down public access to all of its web servers.
To date the costs of the Code Red worms have risen to more than $2 billion
dollars and are mushrooming to about $200 million dollars per day.
So far, these viruses and worms have not caused
irreparable damage to the Federal Government's information systems. However,
as the attacks become more sophisticated, the magnitude of the potential
threat is colossal. We must do something
more than just react to these attacks. There is no easy fix, but governments
at every level must be prepared for the next attempted invasion. Computer
security must become a priority.
Today, we will examine the extent of the threat
to government computer systems, and the need for policy changes to ensure
that those systems, which are vital to this Nation and its citizens, are
We welcome our witnesses today, and look forward
to their testimony.