June 23, 2006 12:40 PM PDT

U.S. unprepared for Net meltdown, blue chips warn

The United States has never experienced a massive Internet outage, but a coalition of dynamic chief executives said Friday that the nation must do more to prepare for that prospect.

The cautionary document (click here for PDF) was a product of the Business Roundtable, whose 160 corporate members include companies ranging from Hewlett-Packard, IBM and Sun Microsystems to General Motors, Home Depot and Coca-Cola. All told, the group's high-rolling membership counts $4.5 trillion in annual revenues, more than 10 million employees and nearly a third the total value of the U.S. stock market.

Experts remain divided on the likelihood that a "cyber Katrina" will occur, as the round table itself acknowledges. But many sectors of the economy continue to urge the government to be better prepared should such an event occur.

Without proper planning, myriad industries--from health care to transportation to financial services--could face devastation if a natural disaster, terrorist or hacker succeeded in disrupting Net access, they said.

"There is no national policy on why, when and how the government would intervene to reconstitute portions of the Internet or to respond to a threat or attack," the report said. Private-sector companies may have individual readiness plans, but they aren't prepared to work together on a wide scale to restore normal activity, the businesses said.

The report called for the government to take a number of actions:

• Set up a global advance-warning mechanism, akin to those broadcasted for natural disasters, for Internet disruptions

• Issue a policy that clearly defines the roles of business and government representatives in the event of disruptions

• Establish formal training programs for response to cyberdisasters

• Allot more federal funding for cybersecurity protection

The U.S. Computer Emergency Readiness Team, or US-CERT, which bears primary responsibility for coordinating responses to cyberattacks, receives on average $70 million per year, or about 0.2 percent of the entire U.S. Department of Homeland Security budget, the report noted.

The suggestions drew praise from the Cyber Security Industry Alliance. That organization, composed of computer security companies, has long been lobbying for additional actions by Congress and the Bush administration in the cybersecurity realm.

"A massive cyberdisruption could have a cascading, long-term impact, without adequate coordination between government and the private sector," said Paul Kurtz, the alliance's executive director. "The stakes are too high for continued government inaction."

Homeland Security has borne the brunt of the criticism for alleged inaction, though the agency did lead a mock cyberattack and response earlier this year. An analysis of that exercise is expected this summer.

See more CNET content tagged:
cyberattack, sector, government, IBM Corp., U.S.

4 comments

Join the conversation!
Add your comment
Um,
why can't they do it? They obviously have the resources and the will and the know how, why must those who botched the Katrena (sic) aftermath be allowed to botch something else?
Posted by jmmejzz (107 comments )
Reply Link Flag
Talking in feel-good generalities
The vague generalities about internet outages mentioned here make it clear that either CNET or the government don't have a clear idea about what the issues would be, and I'm betting the government is the naive party.

Any net outage is going to be primarily an infrastructure issue, such as widespread line destruction from a storm, or localized removal of heavily-used nodes, possibly from hackers. The first of these is clearly the area the government should worry itself about, but given the non-response to Katrina, won't for at least the remainder of the Bush Dark Ages. The second is not an easy problem to fix given that the internet itself is a patchwork of private servers allowing themselves to be used as switching stations for other private servers, but that characteristic seems to make the net pretty well self-mending. During the 9/11 attacks when the loss of servers in the World Trade Center shut down local web traffic in the Northeast we were able to get our news and information from less local sources with servers elsewhere.

The one type of attack that could be most damaging and also under some form of government control/protection would be against the banks of DNS servers that make the whole system possible. My understanding is that most of these physically exist in just a few locations and physically destroying at least one facility might hurt web access for a few days, though even then I doubt the damage would be so long-lasting as to bankrupt mega-corporations.

Homeland security should in principle examine this type of issue but should do so with enough technical expertise to see that it isn't a huge threat and that the few non-hardware threat scenarios can be handled easily with a little redundancy. The internet is not a centralized network and is therefore difficult to disrupt in any significant or long-term way.
Posted by Razzl (1318 comments )
Reply Link Flag
Hehehe
See... This shows how dumb companies are.. That is why the internet aka ARPANET!!! Is designed to withstand nuclear attack by not being centralized.. That's why arpa was designed in the first place.. So , in reality, the net might continue chugging along after we're gone like a cockroach... But then again we need to make sure that the net is not centralized for that reason.. As the old saying goes.. "Never put all your eggs in one basket.."
Posted by nzamparello (60 comments )
Reply Link Flag
ARPANET
The orignal project was called ARPANET, and as more and more corporations connected their networks to it, it grew to the "King of Networks" or Internet. Now, it's a mall.
Posted by thedreaming (573 comments )
Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.