Is it time for an disruption analysis working group for the Internet?

pete@kruckenberg.COM (Pete Kruckenberg) writes:

How is this handled in other networked industries? I'm sure that the same
issues of proprietary information and public humliation exist there; how
do they deal with it?

Other industries, e.g. electric, airline, nuclear, telephone, railroad,
banking, etc, tend to have two different reporting regimes. One for
'major events,' and one for 'near misses.'

For major events, the issues of proprietary information and public
humiliation tend to be less. Mainly because everyone already knows you
had a major event (e.g. three-mile island, at&t nationwide failure) and
the company's and industry's goals tends to focus on restoring public
confidence. This seems to be true no matter what the root cause of the
problem. After a major event, company records tend to get opened either
voluntarily or involuntarily anyway. So most companies prefer the P.R.
of saying they are cooperating fully with investigators. Although as
NASA found out, sometimes you get a Richard P. Feynman on the board,
who doesn't always follow the company line.

I think, for some definition of major events, it should be possible to
get cooperation from a large number of service providers. Once the event
has happend, it is usually in their self-interest to participate in the
process. Of course, there will be a few service providers who won't
participate on principle or because of internal disorganization. But
that's what the press is for....

For near-misses, the reporting parties tend to be individuals (a.k.a.
whistleblowers) and confidentiality is more important due to the retribution
even accurate information receives. And in general, 'near misses' don't
attract much attention because by definition, the crisis didn't happen.

I think any type of near miss reporting and analysis will be very difficult.

I could rant about the U.S. Government's plans in this area are, but that
is a different mailing list.