U.S. unprepared for Net meltdown, blue chips warn

Group of powerful companies in various sectors calls on federal government to beef up readiness efforts.

Anne Broache Staff Writer, CNET News.com

Anne Broache

covers Capitol Hill goings-on and technology policy from Washington, D.C.

Anne Broache

June 26, 2006 12:21 p.m. PT

2 min read

The United States has never experienced a massive Internet outage, but a coalition of dynamic chief executives said Friday that the nation must do more to prepare for that prospect.

The cautionary document (click here for PDF) was a product of the Business Roundtable, whose 160 corporate members include companies ranging from Hewlett-Packard, IBM and Sun Microsystems to General Motors, Home Depot and Coca-Cola. All told, the group's high-rolling membership counts $4.5 trillion in annual revenues, more than 10 million employees and nearly a third the total value of the U.S. stock market.

Experts remain divided on the likelihood that a "cyber Katrina" will occur, as the round table itself acknowledges. But many sectors of the economy continue to urge the government to be better prepared should such an event occur.

Without proper planning, myriad industries--from health care to transportation to financial services--could face devastation if a natural disaster, terrorist or hacker succeeded in disrupting Net access, they said.

"There is no national policy on why, when and how the government would intervene to reconstitute portions of the Internet or to respond to a threat or attack," the report said. Private-sector companies may have individual readiness plans, but they aren't prepared to work together on a wide scale to restore normal activity, the businesses said.

The report called for the government to take a number of actions:

• Set up a global advance-warning mechanism, akin to those broadcasted for natural disasters, for Internet disruptions

• Issue a policy that clearly defines the roles of business and government representatives in the event of disruptions

• Establish formal training programs for response to cyberdisasters

• Allot more federal funding for cybersecurity protection

The U.S. Computer Emergency Readiness Team, or US-CERT, which bears primary responsibility for coordinating responses to cyberattacks, receives on average $70 million per year, or about 0.2 percent of the entire U.S. Department of Homeland Security budget, the report noted.

The suggestions drew praise from the Cyber Security Industry Alliance. That organization, composed of computer security companies, has long been lobbying for additional actions by Congress and the Bush administration in the cybersecurity realm.

"A massive cyberdisruption could have a cascading, long-term impact, without adequate coordination between government and the private sector," said Paul Kurtz, the alliance's executive director. "The stakes are too high for continued government inaction."

Homeland Security has borne the brunt of the criticism for alleged inaction, though the agency did lead a mock cyberattack and response earlier this year. An analysis of that exercise is expected this summer.