Groups call for improved cyber-COOP preparedness

The United States is unprepared for a crippling natural or man-made disaster that would disable large parts of the nation’s cyber infrastructure, according to a new report from a prominent business group. The report also states the nation lacks an adequate continuity-of-operations (COOP) plan for restoring the Internet.

“If there’s a cyber disaster, there is no emergency number to call and no one in place to respond because our nation simply doesn’t have the kind of coordinated plan in place that we need to restart and restore the Internet,” said Edward Rust Jr., chairman and chief executive officer of State Farm Insurance Companies. He is leader of the cybersecurity working group of the Security Task Force at the Business Roundtable, an association of CEOs of large American companies.

“Government and industry must work together to beef up our cybersecurity and recovery efforts,” Rust said.

The country lacks an early warning system to identify potential attacks or track their spread, the June 23 report states. Private and public institutions often have unclear and overlapping responsibilities and too little coordination between them. The report also states that organizations and agencies responsible for cyber-COOP don’t have enough resources.

The Roundtable's report argues that the private sector must take the lead to prepare for and respond to disasters affecting wide swaths of cyber infrastructure.

The report made several recommendations, including:

* The federal government should better define roles and responsibilities of the private and public sectors.

* The federal government should fund long-term cyber-COOP programs and make sure that national response plans take major Internet disruptions seriously.

* Companies should revise their strategic plans to include responses to large-scale disruptions of Internet access, goods and services.

* Companies should make restoring Internet service and official communications a high priority in response plans.

* The federal government should fund a public-private panel of experts to help develop effective cyber-COOP plans. As part of that, the Homeland Security Department and industry should perform large-scale cyber emergency exercises and incorporate lessons learned from them into programs and procedures.

“We need a national response to this challenge, not separate business government responses,” said John Castellani, the Roundtable’s president. “Most important, we must start immediately. Because of the widespread consequences of a massive cyber disruption, our nation cannot wait until an incident occurs to start planning the response.”

Other information technology industry groups lauded the report.

The report “breaks the problem down to a simple statement: We are not prepared,” said Paul Kurtz, executive director of the Cyber Security Industry Alliance. “The report makes clear that information systems are essential and that a massive cyber disruption could have a cascading, long-term impact without adequate coordination between government and the private sector.”