Dear Mr. Rosenberger,
Thank you for your letter dated April 6, 1999, regarding our "Alert" about the
"Melissa" macro virus. Letters regarding information disseminated by the National
Infrastructure Protection Center (NIPC) serve as valuable indicators that we are reaching the American
public who rely on computer networks for business or personal use, and also provide useful input that
helps us adjust our warnings alerts, and advisories, to better serve the needs of industry and the
I would, however, like to address a few misperceptions in your letter. First, your letter referred to an
unidentified report which claimed the FBI had joined forces with Network Associates to offer a $50,000
reward for information leading to the arrest of the perpetrator(s) in this matter. We have learned that
Network Associates apparently did offer a monetary reward, but the FBI did not participate in this offer.
As you know, in fast-breaking situations such as this, press reports may not be fully informed.
Second, your letter states that our Melissa alert was the first we have issued since our creation. In
fact, NIPC has issued many warnings, alerts, and advisories. Some of these have been sent to government
agencies and selected industry entities based on the nature of the incident or threat, and have not been
relevant to the public at large. In addition, the NIPC has sent several alerts aimed at the general
public when we judged the potential impact of malicious computer acts as broad based. This was the case
with the Melissa macro virus. When the general public needs to be warned, our web page and the general
media can play an important role in informing the American public during these fast-moving situations.
Consistent with our mission, we use all appropriate vehicles to help ensure that the public understands
evolving threat situations, their potential impact on computer or network operations, and preventive or
response measures they may take to minimize damage or disruption. Besides helping the public when we
issue an alert, we hope the public will respond with information that will help the FBI and state and
local law enforcement agencies, often working together, to investigate potentially criminal dimensions of
Third, your letter states that our alert appeared to be written in haste and without any procedures to
guide it. In fact, though our alert was necessarily prepared with dispatch in order to contain the
spread of Melissa and resulting damage, it was not written "in haste," and it was written and
disseminated in accordance with established internal procedures.
Fourth, your letter asserts that the alert appears "almost political" in nature and that we
seemed to "jump into Melissa's coattails" for "photo-op potential." I must
respectfully but vehemently disagree. The purpose of the warning was to alert government agencies,
businesses, and the public to a fast-spreading virus that could cause denial of service to e-mail servers
and networks. Our warnings, disseminated by various means early on the morning of March 27th, were among
the first issued by any entity. Our statements to the press on March 28th and 29th were aimed at getting
word to the general public as people returned to work on Monday and opened e-mails with the potential of
creating more damage. This is a core part of our mission, and is not "political" in any sense
of the word.
Finally, in the process of developing alerts and other warning products, we coordinate our activities
with the excellent efforts of such professional groups as CERT, CIAC, and FedCIRC. We will usually not
issue an alert unless we have some unique information, special concern, or need to reach a less
computer-literate audience than that which normally relies on the computer security community.
Again, thank you for your observations regarding our latest "Alert," and for your statement of
support for our charter. Our goal is to pursue the NIPC mission to protect the critical national
infrastructures, including keeping government, the private sector, and the American public informed of
possible malicious intrusions and viruses that could seriously damage computer network operations. I
hope this reply addresses your concerns and I encourage you to write me regarding any further
observations or suggestions you may have on these matters.
Michael A. Vatis