All hazard Internet security

One of the issues I've been discussing as part of various
critical infrastructure protection forums is the need
for "all hazard" outage information. Treating Internet
security as just a law-enforcement issue can warp your
perception. Unless you have a good view into all the
other things which can wreck Internet availability, it is
difficult to gauge the impact of a malicious activity
versus "normal" outages.

I don't completely understand the data. The impact of the
Baltimore train wreck shows up very clearly. Traffic
returns to nearly normal by 6am the next morning. But then
degrades again the following day (i.e. "Worm day"). I
don't have access to the raw data, so I can't tell if there
are differences between carriers with fiber in the Howard
tunnel and other carriers. Did congestion increase the following
day due to the reduced bandwidth the following day, or was it
consumed by the worm's propagation?

One of the unique things IOPS/Kelly Cooper have been trying
to include in the ISP-ISAC, which the other ISACs are lacking,
is an outage reporting component. Currently the Internet does
have a clear point of contact for dealing with these events.

Even if your company is already joining other ISACs, if you
are an Internet provider, I hope you look into and consider
working with the ISP-ISAC. See the last NANOG conference
web page for a copy of the proposal. The "all hazard" aspect
makes things more complicated, but I think it significantly
enhances the usefulness of the ISP-ISAC.