The Roundtable report identified major gaps in the U.S. response plans to restore the Internet:
* Inadequate Early Warning System – The U.S. lacks an early warning system to identify potential Internet attacks or determine if the disruptions are spreading rapidly.
* Unclear and Overlapping Responsibilities – Public and private organizations that would oversee recovery of the Internet have unclear or overlapping responsibilities, resulting in too many institutions with too little interaction and coordination.
* Insufficient Resources – Existing organizations and institutions charged with Internet recovery should have sufficient resources and support. For example, little of the National Cyber Security Division (NCSD)’s funding is targeted for support of cyber recovery.
In its report, the Roundtable concluded that these gaps mean that the U.S. is not sufficiently prepared for a major incident that would lead to disruption of large parts of the Internet and the economy.
Karl Brondell, who heads up the Cyber Security Working Group of the 160-member Business Roundtable, an association of CEOs at leading companies, presented a group report to the Federal Financial Management Subcommittee, saying the nation lacks coordination between the public and private sectors in the event of an internet outage.
The report, "Essential Steps Toward Strengthening America's Cyber Terrorism Preparedness," found major holes in planning, including an inadequate warning system to identify possible internet attacks, unclear responsibilities among public and private partners should an incident occur and unsatisfactory resources to recover from an attack.
The Business Roundtable is on the right track when they recommend that a public-private partnership be established to address these vital issues. What is important to remember is that this will be difficult and almost impossible to achieve on a national level. The interdependencies of our Critical Infrastructures including the Internet are a regional issue. This requires a public-private dialogue and coordination with metro areas and tri or quad state regions. Only when you have the exercises and the testing locally will each party better understand their own vulnerability. This is when each company or city realizes the necessary planning for supply chain redundancy and the criticality of logistics strategy.
The CEO's can talk and publish reports yet it will be the operational risk professionals, contingency planners and emergency managers who do the heavy lifting. They are the people who are making a difference everyday to make our country more resilient to the impact of major economic and public safety threats. These are the people who are "doing" and still not "talking".