On Thu, 14 Sep 2006 Michael.Dillon@btradianz.com wrote:
A quote from the DHS's recently released report about their Cyberstorm exercise in Feb: http://www.dhs.gov/interweb/assetlibrary/prep_cyberstormreport_sep06.pdf
Finding 3: Correlation of Multiple Incidents between Public and Private Sectors. Correlation of multiple incidents across multiple infrastructures and between the public and private sectors remains a major challenge. The cyber incident response community was generally effective in addressing single threats/attacks, and to some extent multiple threats/attack. However, most incidents were treated as individual and discrete events. Players were challenged when attempting to develop an integrated situational awareness picture and cohesive impact assessment across sectors and attack vectors.
And a question: Do network operators have something to learn from these DHS activities or do we have best practices that the DHS should be copying?
On the level of response and mitigation on networks, they have a lot to learn. On coordinated response and strategic view of situations across networks, we all definitely can learn from them, only that I don't believe such issues affect the work of individual network operators to that level. "Is my network up and running?" "Is the Internet up and running?" or "Is my competitor up and running?" is secondary until the point where it affects you. I don't see it as a bad thing, as that's the job description, but that will become more apparent in the future.
--Michael Dillon