The intelligence services failed to warn government departments about the Love Bug virus until more than two hours after it began to infect systems, a committee of MPs has revealed.
The delay allowed large numbers of government networks to become infected and meant US government departments did not receive a warning before their offices opened.
The failure has led to calls from MPs on the Intelligence and Security Committee for a review of the Government's early warning system, the Unified Incident Reporting and Alert Scheme (Uniras).
The scheme, part of the Government's National Infrastructure Co-ordination Centre (NISCC) was set up five years ago to provide early warning of IT attacks.
Security experts suggest it may be unrealistic to expect Uniras to react as quickly to threats as commercial virus companies.
"It is not clear how Uniras can get hold of information about viruses ahead of the virus doctors. Once a virus has been activated it can tell people who to call for advice. But because it is a government body it can't afford to make mistakes," said Peter Sommer, IT security expert at the London School of Economics.
The Intelligence and Security Committee has also raised concerns about the progress of IT projects in MI5, MI6 and in GCHQ.
"There have been significant problems with administrative IT projects in each agency while some core business IT projects have gone through difficult patches," the committee said in its annual report.
The report said that central IT machinery is not structured to support joint projects between the three spying agencies, and called for the Government's Joint Intelligence Committee to play a more active role in co-ordinating the work.
The report raised particular concerns about one unnamed IT project, which it said does not have a proper business case, lacks a project manager, and still has to find the "right balance between security and functionality".
Despite the problems, the committee said it had seen the results of a detailed examination of allegations about IT incompetence by renegade spy David Shayler and found them unjustified. The service's record on IT is creditable, it said, and problems have been no greater than those faced by any other organisation.
Read more on IT risk management
Banks should be made legally liable for e-crime losses the House of Lords Science and Technology Committee said today.
The Banking Code does not give...