Virus worms into NMCI

For the first time in its short history, the Navy Marine Corps Intranet fell victim to an outside attack.

A virus, albeit a supposedly "good" one, wormed its way in-to the enterprisewide network last week, causing many users to lose e-mail and Internet connectivity.

NMCI users experienced "intermittent problems" connect-ing to outside networks, said Kevin Clarke, a spokesman for EDS, the lead vendor for the Navy's initiative to create a single network for its shore-based operations.

The network did not fully crash, and users still had access to their desktop applications, officials noted. NMCI personnel distributed a patch from secu-rity firm Symantec Corp.

"We are currently experiencing connectivity issues enteprise-wide to include e-mail, Web and shared-drive access due to a virus," said a hot line recording of the NMCI Strike Force, which is made up of Navy and contractor personnel who handle network problems.

The so-called Welchia worm roots through networks looking for the Blaster worm that debilitated so many networks last week and automatically downloads and applies the Microsoft patch. But it does so at the expense of processing speed and bandwidth.

It remains a mystery how the new worm got inside the NMCI network, according to Capt. Chris Christopher, NMCI's staff director. "We could bring the whole network down [to fix it], but we do not want to do that."

As of the morning of Aug. 21, the worm was still affecting about 5,000 computers, including those at a number of small, remote locations, Clarke said. Because of the log-on configurations at some of those facilities, the patch could not be downloaded remotely. Therefore, the Strike Force was sending people out to physically repair network infrastructure.

By Aug. 22, the network was about 95 percent operational and only cleanup remained, Christopher said. The investigation to determine how and where the worm made its way into the system is expected to take a few weeks, he said.

The slowdown is something of a blow to officials at the Navy and EDS because security has been one of the key factors in rolling out the nearly 400,000-seat network.

Until now, NMCI officials said that a virus had never successfully penetrated their network, despite more than 85,000 malicious attempts made on the system. Earlier this month, the Blaster worm affected some legacy systems, but no system moved to NMCI had been affected, a department spokesperson said at the time.

"It would be Pollyanna-ish to assume that this can't happen again, so we're going to take this as a learning experience," Christopher said. "We're going to develop lessons learned and apply those in the future."

Robert Guerra, a principal with the consulting firm Guerra, Kiviat, Flyzik and Associates Inc., said he doubts the outage will have any lasting effects on either EDS or the NMCI program.

"The history of the performance of the network is incredible," he said. "It's been up for a couple of years and this would mark the first time it's been down. The project has a responsible vendor who's done a great job at deploying a very complex network, and a very good customer in the Navy."

Guerra said he hopes people don't rush to any conclusions before the Navy can sort out what brought the network down.

"We had a power outage last week across several states and the border with Canada, but no one is looking to shut down" Con Edison, he said. "I hope this doesn't affect the program, because the Navy has decided this is the right way for the Navy to go."