[ISN] U.S. vulnerable to 'cyber Katrina'’

[InfoSec News]

http://www.gcn.com/online/vol1_no1/41172-1.html

By Alice Lipowicz
Contributing Writer
06/27/06

The United States is poorly prepared for a "cyber Katrina," with no
coordinated plan for restoring and recovering the Internet after a
major disruption, according to a new Business Roundtable report [1],
released yesterday.

Despite efforts to address the problem, the federal government and
private sector have not developed a coordinated plan for restoring the
Internet and maintaining confidence in financial markets following a
major breach in functioning.

The gaps identified include no cyberattack early warning system,
unclear and overlapping responsibilities for responding to Internet
disruptions, and no sufficient resources.

"If there's a cyberdisaster, there is no emergency number to call -
and no one in place to respond, because our nation simply doesn't have
the kind of coordinated plan in place that we need to restart and
restore the Internet," Edward Rust Jr., chairman of State Farm
Insurance Companies and head of the Roundtable Security Task Force's
working group on cybersecurity, said in a news release. "Government
and industry must work together to beef up our cybersecurity and
recovery efforts."

The roundtable, which comprises chief executives of major corporations
representing nearly a third of the total value of the U.S. stock
market, said the private sector should take the lead in restoring the
communications infrastructure following a disaster.

The federal government should establish clearer roles and
responsibilities. For example, while the Homeland Security Department
said it has authority to declare a national cyberemergency and intends
to consult with business leaders, the report said it is not clear how
this consultation will occur or what the factors are for declaring an
emergency.

The federal government also should provide funding for long-term
programs, and make sure that national response plans treat major
Internet disruptions as serious national problems, the report said.  
The National Cyber Security Division within DHS receives about $70
million a year, but almost none of the funds support cyber-recovery,
the report said.

Federal authorities should set a clear policy for Internet recovery,
which would define DHS' role and responsibility; define the
responsibilities of the U.S. Computer Emergency Response team; specify
how the Homeland Security Operations Center will be used; and clarify
the roles of other agencies, such as the Federal Communications
Commission and the Federal Emergency Management Agency, the report
said.

Private sector executives are urged to designate a point person for
cyber-recovery, update their plans to prepare for a widespread
Internet outage and the impact on movement of goods and services, and
set priorities for restoring Internet service and corporate
communications.

The roundtable also urged creation of a federally funded panel of
experts to assist in developing plans for recovering the Internet
after a cyberdisaster. It also suggests DHS and industry jointly
conduct large-scale cyberemergency exercises.

[1] http://www.businessroundtable.org/pdf/20060622002CyberReconFinal6106.pdf