The Department of Homeland Security can barely protect its own computer systems from outside attack. Yet a group of business leaders wants to turn over their responsibility for coordinating with each other after a catastrophic disaster affecting the Internet to the department.
A new Business Roundtable report (PDF) says that “the United States is not sufficiently prepared for a major attack, software incident or natural disaster that would lead to disruption of large parts of the Internet.”
“If our nation is hit by a cyber Katrina that wipes out large parts of the Internet, there is no coordinated plan in place to restart and restore the Internet,” said John J. Castellani, president of Business Roundtable and one of the Gang of Six most influential Washington lobbyists. “A cyber disaster could have immediate and nationwide consequences to our nation’s security and economy, and we need to be better prepared.”
The report says that the Internet lacks early warning systems, or “trip wires,” which could identify signs of a catastrophic event such as an Internet-based attack before it happens, and track the progress of such a disruption.
“Those who maintain the IT infrastructure need global trip wires to ensure the well-being of the Internet should a massive disruption or cyber attack come from overseas,” the report says. “Without adequate trip wires, the government, businesses and citizens lack the ability to anticipate when coordinated mitigation strategies are needed or understand if or how government might intervene.”
The report rightly says that the private sector must shoulder most of the responsibility for recovery after an attack or disaster, and rightly identifies poorly coordinated government programs as an obstacle.
It said that various government agencies have responsibilities which are conflicting and unclear and these responsibilities should be clarified and reassigned where appropriate. The report said that the government had no clear policy on Internet disaster recovery and that it should develop such a policy.
The report calls for companies to implement new mutual aid agreements and standard communication protocols in the event of a disaster, and for the Department of Homeland Security to take a more prominent role in coordinating Internet disaster response between the companies responsible. Because, of course, they can’t do it themselves, so they’d rather have taxpayer dollars pay for components of disaster response they should be handling themselves.
I don’t think they realize what they’re asking for. The government certainly has a role in Internet disaster response, as it has computers on the Internet. But giving it such a central role might not be such a good idea, when it can’t even keep its own little corner of the Internet secure. And especially not when its inability to respond to a truly catastrophic event and to hinder disaster response at every turn has been so thoroughly demonstrated.
In February, DHS’s National Cyber Security Division conducted an exercise called Cyber Storm, in which it coordinated a response to a simulated attack on the U.S. power grid via the Internet.
“Cyber Storm exemplified the importance of public and private sector and international entities working together and in concert and in coordination to prepare and to protect our citizens, our businesses, and frankly, our national interests,” said DHS undersecretary for preparedness George Foresman.
DHS will issue an after-action report on Cyber Storm later this summer. Maybe.
In the meantime, I have my own disaster recovery plan in place. And maybe if things are truly catastrophic I might have to relocate this site to Johannesburg or Taipei or Alice Springs, but you can be sure I can do it within 24 hours, even in the worst circumstances I can imagine.
Plan for your own disaster recovery and let everyone else do the same. Then what homeland security expert W. David Stephenson calls emergent behavior will take over. He said the best example was the Flight 93 passengers’ spontaneous, self-organizing effort to thwart the September 11 hijackers, and that there were also many similar examples during Hurricane Katrina.
One can plan for disasters all day long, but when the excrement hits the ventilation device, all the plans go out the window, as anyone who’s ever been in the military will tell you, and the situation goes ad-hoc very fast. A proper disaster response must plan for this and leverage emergent, ad-hoc responses, Stephenson argued.
“Government can either capitalize on the technology and science of networks and treat the public as full partners in prevention and response, creating the conditions that would let emergent behavior flourish, or we will take matters into our own hands and circumvent government,” said Stephenson.
Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works license.
Video published by this site is licensed under a Creative Commons Sampling+ license.
Bad Behavior has blocked 2530 access attempts in the last 7 days.
Facebook
Digg
del.icio.us
reddit.com
Newsvine
Toby
Jun 28, 2006
For more construtive feedback regarding this rather inept view of the internet structure, visit the comments on Digg:
Who Restarts the Net
As you will shortly find out, the internet is a very robust system and while subsections may go dark, the system recovers very quickly and placing control into the hands of a single individual is both difficult and poorly thought out.
Keith L. Dick
Jun 28, 2006
Interesting read, I have never even thought about what would happen in this situation in fact it’s never crossed my mind but now I’ll have to give it some thought…
Thanks for sharing…
the dude
Jun 28, 2006
this is the dumbest thing i ever heard of, the internet is designed to router around problems and keep running, site will come up slower, but they will still come up
creeper
Jun 28, 2006
The dude is right. YOUR site or local provider may be affected but thats it. talk about a big time gov. money grab at the stupid masses. PT Barnum will live forever.
Jun 28, 2006
Ben Balbo » Quick - we need to backup the Internet!
doxx
Jun 28, 2006
Wow, this is stupid! The Internet is operated by thousands of people, they have huge network operation centers to watch over their network investments and teams of people that respond on call 24/7. If something happened that caused a global Internet outage, those people and teams would be working much fasater than the president could say, “evil”.
Having the .gov involved with anything that is related to the Internet is just asking to fuck it up and make it recover slower than Floridians on a Sunday morning.
WhatTheH
Jun 28, 2006
All I want to know is who restarts myspace and can someone shoot him!
BigJo
Jun 28, 2006
Let the private sector recover the internet in the event of a major
catastrophy. We’ve already seen how the government (National, State
and Local) handle disasters . . . Katrina etc.
Jun 28, 2006
kalyank.net » Who restarts the Internet after a cyber Katrina?
nobody
Jun 28, 2006
Only without redundancy there is a problem.
Brian
Jun 28, 2006
Speaking of Stupidity… you obviously have no idea how the internet works. Its redundant, any datacenter of marginal or better importance has full time admins with beepers who can be called if there is a problem, and there is no centralization. Who’s fearmongering now?
adam
Jun 28, 2006
Wow, this article is a joke. Nothing new to add from the comments above, but yeah, as someone who makes all of his money from the internet, and is posting from a datacenter, any talk from the government, about a cyber katrina, cyber 911, or anything else that stupid ‘threatening our nations security’, has another agenda in mind. The ironic part is that agenda could be the very threat to the security and freedom of the nation.
steve
Jun 28, 2006
First off, Katrina DID hit the United States… and the internet was unaffected.
If catastrophic meteors were to take out all US-based backbone DNS sites the internet would slow down for a while, but the rest of it would come back around.
And besides, if that much death and destruction came about there’d be more pressing matters than checking Digg.
Malfoy
Jun 29, 2006
I think you guys over estimate the resilence of the internet. Remember not too long ago,May 2005, Google’s DNS hit a glitch and ALL of Google’s domain names were unavailable for long enough to cause some serious concerns among the google faithful(meaning it was more than a few minutes.) Those who knew Google’s ip were fine, but how many people keep that bit of information lying around. Now last time I checked, Google was no small fry in 2005 and a mere GLITCH made him invisible to majority of the internet. GOOGLE, THE KING OF SEARCH, WASNT AVAILABLE TO THE MASSES. And that was because of a GLITCH. If that’s all it takes to make Google ‘disappear’, then a well planned attack on the internet can make a lot more things ‘disappear’. I’m not saying take down large amounts of sites, that is one approach but probably a dumb one. Keep the sites standing but if a group can make a DNS ‘glitch’ similar to what happened to Google happen on a much larger scale? Then the internet to all but the few hardcore who keep ips of every site they frequent has ceased to exist.
I think we should make note of how ISPs (at least US ones) are capable and some are complying with routing all internet traffic to the NSA so they can do a check. Ok, so now we know it is possible to route all internet traffic to a particular point with relevative easy. If its that easy to route and track, it can not be that hard to shut it down at the same points. It’s just a matter of finding and ‘attacking’ these points.
The internet coming to a halt? Not likely but far from impossible. It takes only a few key moves to bring down the internet. It will take probably a few more than that to bring it back and prevent the same exploit from happening again.
Michael Hampton
Jun 29, 2006
I know quite well how the Internet works, and I think the idea that Homeland Security needs to help companies recover their portions of it is quite stupid.
Which is why it appears here at Homeland Stupidity.
Unfortunately more than a few people can’t seem to read, and got the opposite impression. That sort of stupidity is a bit beyond my ability to deal with…
JG
Jun 29, 2006
Seriously, the government in the internet is not a good idea. The private sector will shoulder the internet outages just fine. It happens every day.
MM
Jun 29, 2006
There is no centralization of “The Internet”. It is comprised of individual sites and providers. This ‘global internet attack’ scenario is not possible! due to this very nature.
Therefore, I conclude it is a bad idea to have ALL traffic go through a central government agency…because then it WOULD be possible to have a cenral US Based attack. (not global)
blah
Jun 29, 2006
Homeland Security help someone? What a joke.
Bog
Jun 29, 2006
The whole reason the internet was invented in the first place was so that the DoD could communicate during and after a nuclear war. In other words, the net was specifically designed to handle catastrophes of the largest magnitude.
and Malfoy- that google dns problem was scheduled. They intentionally did that. There was no “glitch”. And it was down for less than 15 mins.
Nixer6
Jul 02, 2006
If the internet is so robust, why do I read about DOS attacks that
completely shut down large web sites. I am more concerned about
specific attacks on vital National Interests, Power Grids, the DoD,
the NRO etc. How about the military parts system? Banks and
financial transactions.
Sep 18, 2006
Homeland Security not ready for Cyber Storm - Homeland Stupidity