In Event of Big Web Disruption, U.S. Is Ill-Prepared, Study Says
By VAUHINI VARA
June 23, 2006; Page B2
The U.S. is poorly prepared for a major disruption of the Internet,
according to a study that an influential group of chief executives will
publish today.
The Business Roundtable, composed of the CEOs of 160 large U.S. companies,
said neither the government nor the private sector has a coordinated plan
to respond to an attack, natural disaster or other disruption of the
Internet. While individual government agencies and companies have their
own emergency plans in place, little coordination exists between the
groups, according to the study.
"It's a matter of more clearly defining who has responsibility," said
Edward Rust Jr., CEO of State Farm Mutual Automobile Insurance Co., who
leads the Roundtable's Internet-security effort.
Isn't the point of the Internet that no one is in charge?
I shudder to think what would happen under large scale attack if one of the CEOs in that room had "responsibility" for the correct functioning of the "Internet".
This definitely falls into the "Just Doesn't Get It" category.
At one of my old jobs, my boss honestly believed that we had a 'switch' that turned the entire internet off or on. When she was having problems accessing her shopping sites, she'd storm in the office and say something like 'did you guys turn the the internet off again?' <sigh>
Then again, this is the same person that tried to tell me that 768 OC-192s are carried on a single DS1..
The Business Roundtable, composed of the CEOs of 160 large U.S. companies,
said neither the government nor the private sector has a coordinated plan
to respond to an attack, natural disaster or other disruption of the
Internet. While individual government agencies and companies have their
own emergency plans in place, little coordination exists between the
groups, according to the study.
"It's a matter of more clearly defining who has responsibility," said
Edward Rust Jr., CEO of State Farm Mutual Automobile Insurance Co., who
leads the Roundtable's Internet-security effort.
[...]
Thus explainith why CEOs should not be responsible for this. I wonder if their CIOs or other techies have ever tried to explain the concept of a "CERT" to them.
Now THAT is impressive compression! I don't know what your former company did, but they should focus on selling that compression technology. The buffers must be enormous!
-Robert
Tellurian Networks - The Ultimate Internet Connection http://www.tellurian.com | 888-TELLURIAN | 973-300-9211
"Well done is better than well said." - Benjamin Franklin
Infinite compression is easy, if you use a sufficiently lossy compression
algorithm. Ask anybody who's talked to a journalist for an hour, and ends
up as a one-sentence misquote.....
Date: Fri, 23 Jun 2006 11:33:43 -0400
From: Robert Boyle
Now THAT is impressive compression! I don't know what your former company
did, but they should focus on selling that compression technology.
Irrational numbers can be described in finite space, yet extend
indefinitely with no discernable pattern. Perhaps said company has
found a way to map arbitrary infinite-length data streams to short,
simple representations a la "digits 'x' through 'y' of pi".
(Note smiley. This is tongue-in-cheek commentary on entropy.)
Now we are all allowed the occasional fun at the management lacking a clue - but come on.
The users have an expectation that their “access to the Internet” works like a utility. When you say the “power is shut off” you don’t expect to expand on whether the power grid in your state had a cascading failure but people on the other coast still have power and when your “water supply is shut off” does not mean that all the people in the world can’t get a drop.
It just means that her “Internet is off” and as far as she is concerned the whole Internet/Power/Water supply might as well be “off”
p.s
768 OC-192s worth of Internet traffic can indeed be carried on a single DS1 if the "Internet is off "
The Business Roundtable, composed of the CEOs of 160 large U.S.
companies,
said neither the government nor the private sector has a coordinated
plan
to respond to an attack, natural disaster or other disruption of the
Internet. While individual government agencies and companies have their
own emergency plans in place, little coordination exists between the
groups, according to the study.
I don't believe that this is entirely true. I think that
there is a lot of coordination between companies at an
industry level, for instance the automotive industry or
the financial services industry. This coordination doesn't
get much visibility outside of the industry concerned
but that doesn't mean that it isn't there. In fact, I
strongly suspect that visibility of this coordination
does not often reach the CEO level in these companies
because much of the coordination is between specialist
groups within the companies. Does your CEO know that
you participate in NANOG?
One might even venture to suggest that there is no
point in coordinating emergency plans between companies
who have little or no direct business relationships
unless it is at a metropolitan level, i.e. New York
area businesses, Los Angeles area businesses. After
all, why should NY businesses plan for earthquakes
and why should LA plan for a hurricane?
Ya know... Personally, I think that it isn't really necessary to have
an "internet disaster plan"
Thats one of the nice things about the 'net. Everyone is responsible
for their own piece of it and whenever there is an event (ala Katrina)
multiple people work to restore their own infrastructure. The end
result is that companies a) have their own disaster recovery plans
with make up large parts of what people are refering to here and b)
the normal processes of service restoration (most notably in the
circuit providers) means that any "wound" to the internet will heal
itself in relatively short order. Sure, it won't be impact free, but
it doesn't really require any special planning either.
Recall that there was a meeting of FAA officials after 9/11 to discuss
wether a procedure (not "what" but "wether") should be put into place
for grounding aircraft if such a thing became necessary again. The end
result of the discussions was that it was determined that such an
event is so out of the scale of ordinary that to implement a specific
procedure would probably harm efforts instead of helping them; that
the experience and knowledge of the individual controllers along with
a little creativity was the most efficient mechanism for accomplishing
such a task.
I think something similar applies to a large scale disruption of the
internet. Picture Kansas City disappearing one morning along with all
the SONET gear and routers therein. That sort of thing is not
something that can be adequately planned for but ultimately other
paths will be found and it won't take altogether long to get to
something like 75% service restoration. The independant efforts of
individuals and individual companies will probably be the best
mechanism for repairing any injury to the 'net.
What needs to be in place are lines of communication between these indviduals and their management, both within and beteen companies and authorities. Much can be accomplished by information spreading regarding what equipment is lacking etc.
If everybody just agrees to fix it all, and deal with the commercial issues afterwards, wonders can be achieved in very short time. But will, authority, communication and information need to exist.
The biggest example I can think of was during the worst storm in the last 50 years here in sweden, there was much devistation in telecommunications and power, most of it power related (power lines torn down). In the EU there are contingency plans to handle this and countries can request help from other countries to get access to their disaster relief equipment such as generators etc. What DOES need to be in place is for someone to pay for transportation of this equipment. The head of the swedish state agency to handle these didn't have authority and budget to pay for the transportation, so he had to call and more or less beg one of the power companies to pay for this. This delayed the delivery of the equipment by some time, totally unnecessary.
So a very important part of disaster planning is "how do we communicate with everybody involved?" and "what are our authorities regarding money and resources". If there is a will, there is a way
The buffers must be enormous!
