Private sector responsible for infrastructure protection planning

“Do not count on the government…. You need to be self-sufficient. The government is not going to save you.” Who said that — a Libertarian candidate for president? A anarchist agitator? No. These words were uttered by Scott Lewis Weber, former senior counsel to DHS secretary Michael Chertoff. The occasion was the RSA security conference which opened Tuesday. As if to underline the importance of the topics discussed, Tuesday also saw a massive denial-of-service attack directed at three of the Internet’s root DNS servers — .mil, .info, and .bus. Luckily, there were contingency plans in place to meet such an attack so the disruption of the 54 Gbps attack, which lasted for several hours, was minimal.

The attack did help highlight the importance of advance planning, attention to detail, and running tests of the continuity-of-operations plans. Weber said that much of the responsibility for plans to protect the continuity of the U.S. critical infrastructure resides with the private sector, and private organizations cannot rely on the government to come to their rescue in the event of an emergency.

The government does have a role, though, as outlined in the second version of the National Infrastructure Protection Plan (NIPP). NIPP’s Emergency Support Function (ESF) offers a procedure for releasing federal money to states for the restoration of communications systems in the event of a disaster. The program was originally intended to protect the nation’s telecommunication infrastructure, but the convergence of voice and data onto the same IP networks has blurred the distinction between telecomm and computer networks. ESF is being updated accordingly.

-read more in William Jackson’s GCN report