12 May 2000

Computer Virus Underscores Need for More Information Technology Research

By Charlene Porter
Washington File Staff Writer

As Philippine authorities search for the originator of the "I love you" computer virus, information technology (IT) experts around the world tally up the damages resulting from the destructive program that spread through computer mail systems beginning May 4.

This technological infection broke out just as the National Research Council, an arm of the National Academy of Sciences, was completing a report entitled "Making IT Better: Expanding the Scope of Information Technology Research to Meet Society's Needs." Several principal contributors to that report said May 10 that the "I love you" virus verifies their conclusion that government, academia and industry need to pursue more extensive research into how large-scale computer systems function under real-world pressures.

While government and industry spending on research has been significant in recent years, "Making IT Better" finds that much of that work has been devoted to "applied research with near-term, incremental benefits, rather than fundamental research that could lead to breakthroughs in the long-term," according to a press release announcing the report.

Addressing how the findings relate to the outbreak of the "I love you" virus, Samuel Fuller, co-chair of the Committee on Information Technology Research in a Competitive World, which produced the report, said at a Washington briefing that many researchers have conducted some work in the development of more secure computer systems.

"They've worked in areas of authentication, encryption, privacy and robustness of systems, and those are all tough problems," Fuller continued. "The viruses ... simply point to the fact that those fundamental problems in large scale systems are not solved. Research is required."

Stewart Personick, another member of the authoring committee, described the damage done by the "I love you" virus as a failure in the market. "Individual players in the marketplace in general do not see a reason why they should spend their money to deal with that problem particularly from a forward-looking research perspective."

Personick said he's discussed the need for more research with industry insiders only to hear one unidentified IT executive respond, "I wait till my car breaks down, then I fix it. Let's talk about something that will produce more immediate impact on my company."

Vulnerability and security of large-scale computer systems are only two areas begging for further study, according to "Making IT Better." Committee co-chair David G. Messerschmitt also emphasized the need for building systems with greater flexibility and research "which can try to come up with better methodologies, better architectures, better approaches to the design of large-scale systems."

"Making IT Better" emphasizes that research must also examine how people and companies use systems. The report's executive summary says, "Research on the social applications of IT demands the perspectives of IT researchers, researchers in other academic disciplines and end users of IT systems who are familiar with the particular challenges faced and the viability of different solutions."

The National Research Council report calls upon government, academia and industry to all contribute to this research effort. The study notes that the interdisciplinary environment existing on university campuses is conducive to the wide-ranging type of research it finds necessary. It also recommends changes in academic structures and traditions that can sometime work to discourage innovative research projects.

In the private sector, the report calls on research participation from companies in industries such as health care, banking and manufacturing. Because of their ever-increasing reliance upon IT systems, these companies "could benefit handsomely from research" that further explores the problems of large-scale systems and their social applications.

Though the report was completed before the "I love you" virus swept through computers around the world, the rationale for its findings seem to foreshadow the outbreak of the damaging technological bug. "As more and more people, activities and organizations come to depend on such systems -- that is, as the systems become critical societal infrastructures -- their impact, and the cost to society of their failure, grow."

This site is produced and maintained by the U.S. Department of State. Links to other Internet sites should not be construed as an endorsement of the views contained therein.