Who restarts the Internet after a cyber Katrina?
By: Michael Hampton
The Department of Homeland Security can barely protect its own computer
systems from outside attack. Yet a group of business leaders wants to turn
over their responsibility for coordinating with each other after a
catastrophic disaster affecting the Internet to the department.
A new Business Roundtable report (PDF) says that "the United States is not
sufficiently prepared for a major attack, software incident or natural
disaster that would lead to disruption of large parts of the Internet."
"If our nation is hit by a cyber Katrina that wipes out large parts of the
Internet, there is no coordinated plan in place to restart and restore the
Internet," said John J. Castellani, president of Business Roundtable and one
of the Gang of Six most influential Washington lobbyists. "A cyber disaster
could have immediate and nationwide consequences to our nation's security
and economy, and we need to be better prepared."
The report says that the Internet lacks early warning systems, or "trip
wires," which could identify signs of a catastrophic event such as an
Internet-based attack before it happens, and track the progress of such a
disruption.
"Those who maintain the IT infrastructure need global trip wires to ensure
the well-being of the Internet should a massive disruption or cyber attack
come from overseas," the report says. "Without adequate trip wires, the
government, businesses and citizens lack the ability to anticipate when
coordinated mitigation strategies are needed or understand if or how
government might intervene."
The report rightly says that the private sector must shoulder most of the
responsibility for recovery after an attack or disaster, and rightly
identifies poorly coordinated government programs as an obstacle.
It said that various government agencies have responsibilities which are
conflicting and unclear and these responsibilities should be clarified and
reassigned where appropriate. The report said that the government had no
clear policy on Internet disaster recovery and that it should develop such a
policy.
The report calls for companies to implement new mutual aid agreements and
standard communication protocols in the event of a disaster, and for the
Department of Homeland Security to take a more prominent role in
coordinating Internet disaster response between the companies responsible.
Because, of course, they can't do it themselves, so they'd rather have
taxpayer dollars pay for components of disaster response they should be
handling themselves.
I don't think they realize what they're asking for. The government certainly
has a role in Internet disaster response, as it has computers on the
Internet. But giving it such a central role might not be such a good idea,
when it can't even keep its own little corner of the Internet secure. And
especially not when its inability to respond to a truly catastrophic event
and to hinder disaster response at every turn has been so thoroughly
demonstrated
In February, DHS's National Cyber Security Division conducted an exercise
called Cyber Storm in which it coordinated a response to a simulated attack
on the U.S. power grid via the Internet.
"Cyber Storm exemplified the importance of public and private sector and
international entities working together and in concert and in coordination
to prepare and to protect our citizens, our businesses, and frankly, our
national interests," said DHS undersecretary for preparedness George
Foresman.
DHS will issue an after-action report on Cyber Storm later this summer.
Maybe.
In the meantime, I have my own disaster recovery plan in place. And maybe if
things are truly catastrophic I might have to relocate this site to
Johannesburg or Taipei or Alice Springs, but you can be sure I can do it
within 24 hours, even in the worst circumstances I can imagine.
Plan for your own disaster recovery and let everyone else do the same. Then
what homeland security expert W. David Stephenson calls emergent behavior
will take over. He said the best example was the Flight 93 passengers'
spontaneous, self-organizing effort to thwart the September 11 hijackers,
and that there were also many similar examples during Hurricane Katrina
One can plan for disasters all day long, but when the excrement hits the
ventilation device, all the plans go out the window, as anyone who's ever
been in the military will tell you, and the situation goes ad-hoc very fast.
A proper disaster response must plan for this and leverage emergent, ad-hoc
responses, Stephenson argued.
"Government can either capitalize on the technology and science of networks
and treat the public as full partners in prevention and response, creating
the conditions that would let emergent behavior flourish, or we will take
matters into our own hands and circumvent government," said Stephenson.
source:
www.homelandstupidity.us/2006/06/28/who-restarts-the-internet-after-a
-cyber-katrina/