Truth About Computer Security Hysteria
An open letter to FBI NIPC director Michael VatisRob Rosenberger, Vmyths co-founder
Monday, 5 April 1999
DEAR DIRECTOR VATIS,
An open letter to Michael Vatis, director of the FBI National Infrastructure Protection Center
The unprecedented "manhunt" for Melissa's author seems impressive on the surface. A link to your organization's first security alert appeared on the FBI's default home page, and one news report claims you teamed up with antivirus vendor Network Associates to offer a $50,000 reward for information leading to an arrest.
However, I notice certain oddities as I study your efforts. For example, your organization existed for more than a year before issuing its first alert, yet it looks like someone wrote it in haste with little or no procedures to guide its format. The alert also includes a quote from you which appears almost political in nature. An update (also apparently written in haste) contains rumors about the virus. If your organization planned to affiliate itself with Network Associates as reported, it would set an important precedent for lucrative "corporate sponsorships."
CERT and CIAC follow certain procedures when they issue formal alerts. To the best of my knowledge, they avoid rumors, political statements, and corporate affiliations. Frankly, it looks like your organization jumped onto Melissa's coattails in large part for its "photo-op" potential.
I hope Rep. Jerry Costello (IL-12) will invite me to testify before Congress about cyber-threats. In my prepared text, I would pose this philosophical question:
"Suppose Melissa's author waited just six more days. Would the FBI launch a nationwide manhunt for a relatively non-destructive computer virus released on April Fool's Day?"
Sir, I strongly support NIPC's charter to protect the national infrastructures. Please don't let your organization devolve into a political tool.
Rob Rosenberger, webmaster