OCR of the Document

View the Document >>

Richard Sylvester, National Security Agency, "NSA and Computer Viruses," Cryptolog, XIX, 3 (1992). Unclassified/For Official Use Only.

DGCID 4036135 and Computer viruses inhard Sylvester 8 Emma There has been considerable discussion in an admission of vulnerability the Agency about computer viruses and the the acknowledgment that NSA has experienced Epossibility that computers and computer the intrusion of a computer virus in any ofits networks have been invaded In discussing the systems is classi ed at a minimum viruses writers must be aware of the classi cm DENIAL Etions tho apply to the discussions As most of us know a oomputer virus is 3 tion or the name of the speci c virus that may so ware program designed speci cally to repro have been discovered in an NSA AIS or network duce itself and to modify or destroy computer is classi ed at a minimum SECRET Eso ware damage or destroy equipment or com- promise sensitive data Some of us however are nnaware that any personal oomputer network or o oe automation system is susceptible to inva sions by a virus infecting any host in which the Sprogram is used Owing to the insidious nature of a virus any unwitting user can become an unwitting propagator 'WJ-Speci os concerning an infection such as the severity of the infectionrthe extent of damage done the complexity and expense of eradicating the disease or the impact of the virus on operations is classi ed TOP in some instances ifoertain details concerning the AIS the network or the database in which the virus was discovered are revealed any of the We have established classi cation guidelines above revelations may require handling in to discuss viruses that may be summarized as channels HVCCO or even in follows codeword channels 0 U the fact that NSA is aware ofoomputer Win summary be careful what you say viruses and that we take steps to minimize the and to whom you say about NSA and computer I The disclosure of the extent of infec 3 3 i risk of introducing viruses into our automated viruses For further information concerning the information systems AIS or networks is UN- classi cation matters pertaining to computer ECIASSIFIED viruses contact your classi cation advisory o cer CAO your local Computer Security U the fact that we employ comerdaliy Of cer or Computer Security Manager or J06 pmduced scam to for virus memo the TCOM of ce of Operational Computer Seen also is UNCWSIFIEB3rd Issue 1992 page 44