Study: U.S. not ready for 'cyber-Katrina'

The federal government and private sector have not developed a coordinated plan for restoring the Internet and maintaining confidence in financial markets following a major breach in functioning, according to the Business Roundtable.

The United States is poorly prepared for a "cyber Katrina," with no coordinated plan for restoring and recovering the Internet after a major disruption, according to a new Business Roundtable report released today.

Despite efforts to address the problem, the federal government and private sector have not developed a coordinated plan for restoring the Internet and maintaining confidence in financial markets following a major breach in functioning.
Among the gaps: no cyberattack early warning system, unclear and overlapping responsibilities for responding to Internet disruptions, and insufficient resources.

"If there's a cyberdisaster, there is no emergency number to call -- and no one in place to respond, because our nation simply doesn't have the kind of coordinated plan in place that we need to restart and restore the Internet," Edward Rust Jr., chairman of State Farm Insurance Companies and head of the Roundtable Security Task Force's working group on cybersecurity, said in a news release. "Government and industry must work together to beef up our cybersecurity and recovery efforts."

The roundtable, which comprises chief executives of major corporations representing nearly a third of the total value of the U.S. stock market, said the private sector should take the lead in restoring the communications infrastructure following a disaster.

The federal government should establish clearer roles and responsibilities. For example, while the Homeland Security Department said it has authority to declare a national cyberemergency and intends to consult with business leaders, the report said it is not clear how this consultation will occur or what the factors are for declaring an emergency.

The federal government also should provide funding for long-term programs, and make sure that national response plans treat major Internet disruptions as serious national problems, the report said. The National Cyber Security Division within DHS receives about $70 million a year, but almost none of the funds support cyber-recovery, the report said.

Federal authorities should set a clear policy for Internet recovery, which would define DHS' role and responsibility; define the responsibilities of the U.S. Computer Emergency Response Team; specify how the Homeland Security Operations Center will be used; and clarify the roles of other agencies, such as the Federal Communications Commission and the Federal Emergency Management Agency, the report said.

Private sector executives are urged to designate a point person for cyber-recovery, update their plans to prepare for a widespread Internet outage and the impact on movement of goods and services, and set priorities for restoring Internet service and corporate communications.

The roundtable also urged creation of a federally funded panel of experts to assist in developing plans for recovering the Internet after a cyberdisaster. It also suggests DHS and industry jointly conduct large-scale cyberemergency exercises.