One of the issues I've been discussing as part of various critical infrastructure protection forums is the need for "all hazard" outage information. Treating Internet security as just a law-enforcement issue can warp your perception. Unless you have a good view into all the other things which can wreck Internet availability, it is difficult to gauge the impact of a malicious activity versus "normal" outages.

I don't completely understand the data. The impact of the Baltimore train wreck shows up very clearly. Traffic returns to nearly normal by 6am the next morning. But then degrades again the following day (i.e. "Worm day"). I don't have access to the raw data, so I can't tell if there are differences between carriers with fiber in the Howard tunnel and other carriers. Did congestion increase the following day due to the reduced bandwidth the following day, or was it consumed by the worm's propagation?

http://www.keynote.com/press/html/special_worm_update.html

One of the unique things IOPS/Kelly Cooper have been trying to include in the ISP-ISAC, which the other ISACs are lacking, is an outage reporting component. Currently the Internet does have a clear point of contact for dealing with these events. Even if your company is already joining other ISACs, if you are an Internet provider, I hope you look into and consider working with the ISP-ISAC. See the last NANOG conference web page for a copy of the proposal.

The "all hazard" aspect makes things more complicated, but I think it significantly enhances the usefulness of the ISP-ISAC.
participants (1)
-
Sean Donelan