Virus hits Navy Marine Corps Intranet

Navy NMCI Web site

The lead contractor for the Navy Marine Corps Intranet blames a new worm for NMCI's connection problems today.

NMCI users have been experiencing "intermittent problems" in connecting to outside networks, said a spokesman for tech services firm EDS, the lead vendor for the program. The network did not fully crash, and NMCI users still have access to their desktop applications. NMCI personnel are trying to distribute a patch from security firm Symantec.

"We are currently experiencing connectivity issues enterprise wide to include e-mail, Web and shared drive access due to a virus," states a recording on a hotline for the NMCI Strike Force, which is made up of Navy and contractor personnel who handle network problems.

A so-called "good Samaritan" worm roots through networks looking for the Blaster worm that debilitated so many networks last week. The new virus finds the Blaster, removes it and fixes it by automatically downloading the Microsoft patch, but does so at the expense of processing speed and bandwidth, EDS said. When the new worm got inside the NMCI network, it ate up huge amounts of bandwidth by sending out pings to locate instances of the Blaster worm, EDS spokesman Kevin Clarke said.

Pushing the Symantec patch out to users who were already experiencing very limited bandwidth proved to be difficult, he said.

NMCI is an enterprisewide network designed to connect everyone in the Navy and Marine Corps on a single, secure network. Since users started being moved to the system in 2001, almost 97,000 seats have been shifted from legacy systems.

Until now, NMCI officials have always said that their network has never been successfully attacked by a virus. Last week, the Blaster worm affected some legacy systems, but no system moved to NMCI had been affected, a department spokesperson said at the time.

EDS, the lead contractor on the $8.8 billion deal, could earn up to $10 million per year for information assurance if NMCI performs well in unannounced "information warfare" tests of its security and survivability. It is not known if an outside source's ability to bring the system down would affect this financial incentive. Symantec is one of several subcontracts who provide security devices, patches and software for the NMCI network. Symantec supplies 10 products for NMCI, including NetProwler, Norton AntiVirus, Raptor Firewall and Mail Gear.

Consultant Robert Guerra of Guerra, Kiviat, Flyzik and Associates said he doubts the outage will have any lasting effects on either EDS or the NMCI program.

"The history of the performance of the network is incredible," he said. "It's been up for a couple of years and this would mark the first time it's been down. The project has a responsible vendor, who's done a great job at deploying a very complex network, and a very good customer in the Navy."

Guerra said he hopes people don't rush to any conclusions before the Navy can sort out what brought the network down.

"We had a power outage last week across several states and the border with Canada, but no one is looking to shut down" Con Edison, he said. "I hope this doesn't affect the program, because the Navy has decided this is the right way for the Navy to go."