Business Leaders Say U.S. is Unprepared for a (gulp) ‘Cyber-Katrina’
By Rick Moss
“Significant gaps exist in the response plans of the U.S. government and the private sector for reconstituting the Internet in the event of an unprecedented massive Internet disruption.”
Sounds like a rant from the Unabomber, right? Were that the case, the danger would certainly be easier to dismiss. But, unfortunately, the source is about as respectable as they come. The Business Roundtable is a think tank comprised of CEOs from 160 leading U.S. companies that represent upwards of $4.5 trillion in annual sales (almost one-third of the total value of the stock market) and 10 million employees. Members include IBM, GM, H-P, Coca-Cola, Home Depot and Sun Microsystems.
In 2005, the organization examined the issue of preparedness for a “major attack, software incident or natural disaster that would lead to a disruption of large parts of the Internet.” They reviewed the government’s plans, commitment and funding availability.
Bottom line? “The Roundtable’s review found that there are no well-coordinated processes that would integrate the disparate plans of industry and government to restore Internet functioning.”
An analysis of the shortcomings in government planning and coordination within business sectors is summarized in a white paper just published by the Roundtable, “Essential Steps to Strengthen America’s Cyber Terrorism Preparedness” (PDF download).
The title alone is reason for some optimism, at least relative to the analogy of a Katrina-like disaster. The report says that, although the last 10 years has seen progress on security and many technical fronts, many other aspects are simply not being addressed. These include the need for a host of contingencies, from shoring up market confidence after a total internet failure to making sure government and business leaders know how to respond.
Most pressing, perhaps, is the need for business and government to work in concert. “Well-intentioned government officials and industry leaders are not currently in a position to synchronize efforts and deploy coordinated and tested capabilities to restore Internet services,” the report says.
A primary message of the report is that, unlike coordinated responses to natural disasters like hurricanes, which are government-based, business and industry must take the lead on cyber affairs. The Roundtable’s recommendations for the private sector include:
- Establishing a single point of contact within the company to coordinate internet restoration and efforts with government officials
- Developing a strategic company plan to account for the movement of goods and services during and after the disaster
- Consolidating early warning and response to avoid confusion from overlapping and multiple organizations
- Agreeing on an information-sharing mechanism (presumably one that does not rely on the internet)
Moderator’s Comment: What chance do we have that all the disparate entities that need to be involved will act together and produce a viable preparedness
plan for an “internet tsunami”?
For what it’s worth…
“If the system breaks down the consequences will still be very painful. But the bigger the system grows the more disastrous the results of its breakdown
will be, so if it is to break down it had best break down sooner rather than later.” – Point #3 from the Introduction of the Unabomber’s Manifesto –
Rick Moss – Moderator