Computer networks used by government and business are increasingly at risk of severe disruption, and the federal government is not doing enough about the threat, congressional investigators said in a report to be made public today.

Security shortcomings jeopardize national defense, tax collection, law enforcement and air traffic control among other key operations, the nonpartisan General Accounting Office said in a draft.

"At the federal level, these risks are not being adequately addressed," the GAO said in a report prepared for Sen. Robert F. Bennett (R-Utah), who heads the Senate Special Committee on the Year 2000 Technology Problem.

The number of security incidents handled by Carnegie Mellon University's CERT Coordination Center, a federally funded emergency response team, has risen from 1,334 in 1993 to 4,398 during the first half of this year, the report said.

Organized attacks such as one code-named "Solar Sunrise" on Defense Department computers in February 1998, and computer viruses such as "Melissa" early this year, highlight the government's susceptibility, the GAO said.

It cited "even greater concerns" of some experts about private-sector systems that control energy, telecommunications, financial services, transportation and other vital services.

Concern about vulnerability to cyber attack led President Clinton in May 1998 to instruct federal agencies to develop cyber protection plans and establish links with industry groups. But the GAO said no strategy for improving federal information security had been articulated clearly yet and risks had not been prioritized.