A quote from the DHS's recently released report about their Cyberstorm exercise in Feb: http://www.dhs.gov/interweb/assetlibrary/prep_cyberstormreport_sep06.pdf Finding 3: Correlation of Multiple Incidents between Public and Private Sectors. Correlation of multiple incidents across multiple infrastructures and between the public and private sectors remains a major challenge. The cyber incident response community was generally effective in addressing single threats/attacks, and to some extent multiple threats/attack. However, most incidents were treated as individual and discrete events. Players were challenged when attempting to develop an integrated situational awareness picture and cohesive impact assessment across sectors and attack vectors. And a question: Do network operators have something to learn from these DHS activities or do we have best practices that the DHS should be copying? --Michael Dillon