http:
//www.gcn.com/online/vol1_no1/41172-1.html
By Alice Lipowicz
Contributing Writer
06/27/06
The United States is poorly prepared for a "cyber
Katrina," with no
coordinated plan for restoring and recovering the Internet
after a
major disruption, according to a new Business Roundtable
report [1],
released yesterday.
Despite efforts to address the problem, the federal
government and
private sector have not developed a coordinated plan for
restoring the
Internet and maintaining confidence in financial markets
following a
major breach in functioning.
The gaps identified include no cyberattack early warning
system,
unclear and overlapping responsibilities for responding to
Internet
disruptions, and no sufficient resources.
"If there's a cyberdisaster, there is no emergency
number to call -
and no one in place to respond, because our nation simply
doesn't have
the kind of coordinated plan in place that we need to
restart and
restore the Internet," Edward Rust Jr., chairman of
State Farm
Insurance Companies and head of the Roundtable Security Task
Force's
working group on cybersecurity, said in a news release.
"Government
and industry must work together to beef up our cybersecurity
and
recovery efforts."
The roundtable, which comprises chief executives of major
corporations
representing nearly a third of the total value of the U.S.
stock
market, said the private sector should take the lead in
restoring the
communications infrastructure following a disaster.
The federal government should establish clearer roles and
responsibilities. For example, while the Homeland Security
Department
said it has authority to declare a national cyberemergency
and intends
to consult with business leaders, the report said it is not
clear how
this consultation will occur or what the factors are for
declaring an
emergency.
The federal government also should provide funding for
long-term
programs, and make sure that national response plans treat
major
Internet disruptions as serious national problems, the
report said.
The National Cyber Security Division within DHS receives
about $70
million a year, but almost none of the funds support
cyber-recovery,
the report said.
Federal authorities should set a clear policy for Internet
recovery,
which would define DHS' role and responsibility; define the
responsibilities of the U.S. Computer Emergency Response
team; specify
how the Homeland Security Operations Center will be used;
and clarify
the roles of other agencies, such as the Federal
Communications
Commission and the Federal Emergency Management Agency, the
report
said.
Private sector executives are urged to designate a point
person for
cyber-recovery, update their plans to prepare for a
widespread
Internet outage and the impact on movement of goods and
services, and
set priorities for restoring Internet service and corporate
communications.
The roundtable also urged creation of a federally funded
panel of
experts to assist in developing plans for recovering the
Internet
after a cyberdisaster. It also suggests DHS and industry
jointly
conduct large-scale cyberemergency exercises.
[1] http://www.businessroundtable.org/pdf/20
060622002CyberReconFinal6106.pdf
_________________________________
Attend the Black Hat Briefings and
Training, Las Vegas July 29 - August 3
2,500+ international security experts from 40 nations,
10 tracks, no vendor pitches.
www.blackhat.com
|