US ill-prepared for "cyber Katrina"

The US has never experienced a massive internet outage but a coalition of dynamic chief executives said on Friday the nation must do more to prepare for that prospect.

The cautionary document was a product of the Business Roundtable, whose 160 corporate members include companies ranging from HP, IBM and Sun Microsystems to Coca-Cola and General Motors. All told, the group's high-rolling membership counts $4.5tr in annual revenues, more than 10 million employees, and nearly a third of the total value of the US stock market.

Experts remain divided on the likelihood that a "cyber Katrina" will occur, as the roundtable itself acknowledges. But many sectors of the economy continue to urge the government to be better prepared, should such an event happen.

Without proper planning, myriad industries - from healthcare to transportation to financial services - could face devastation if a natural disaster, terrorist or hacker succeeds in disrupting net access, they charged.

The report said: "There is no national policy on why, when and how the government would intervene to reconstitute portions of the internet or to respond to a threat or attack." Private-sector companies may have individual readiness plans but they aren't prepared to work together on a wide scale to restore normal activity, the businesses said.

The report called for the government to take a number of actions, including:

• setting up a global advance-warning mechanism, akin to those broadcasted for natural disasters, for internet disruptions

• issuing a policy that clearly defines the roles of business and government representatives in the event of disruptions

• establishing formal training programmes for response to cyber disasters

• allotting more federal funding for cyber security protection

The US Computer Emergency Readiness Team, or US-Cert, which bears primary responsibility for co-ordinating responses to cyber attacks, receives on average $70m per year, or about 0.2 per cent of the entire US Department of Homeland Security budget, the report noted.

The suggestions drew praise from the Cyber Security Industry Alliance. That organisation, composed of computer security companies, has long been lobbying for additional actions in the cyber security realm by Congress and the Bush administration.

Paul Kurtz, the alliance's executive director, said: "A massive cyber disruption could have a cascading, long-term impact without adequate co-ordination between government and the private sector. The stakes are too high for continued government inaction."

US Homeland Security has borne the brunt of the criticism for alleged inaction, though the agency did lead a mock cyber attack and response earlier this year. An analysis of that exercise is expected this summer.

Anne Broache writes for CNET News.com