Cyber Storm Findings

Gadi Evron ge at
Thu Sep 14 11:57:03 UTC 2006

On Thu, 14 Sep 2006 Michael.Dillon at wrote:
> A quote from the DHS's recently released report about their Cyberstorm 
> exercise in Feb:
> Finding 3: Correlation of Multiple Incidents between Public and Private 
> Sectors. Correlation of multiple incidents across multiple infrastructures 
> and between the public and private sectors remains a major challenge. The 
> cyber incident response community was generally effective in addressing 
> single threats/attacks, and to some extent multiple threats/attacks. 
> However, most incidents were treated as individual and discrete events. 
> Players were challenged when attempting to develop an integrated 
> situational awareness picture and cohesive impact assessment across 
> sectors and attack vectors.
> And a question:
> Do network operators have something to learn from these DHS activities
> or do we have best practices that the DHS should be copying?

On the level of response and mitigation on networks, they have a lot to
learn. On coordinated response and strategic view of situations across
networks, we all definitely can learn from them, only that I don't believe
such issues affect the work of individual network operators to that level.

"Is my network up and running?"

Whether the Internet is up and running, or whether my competitor is up and
running, is secondary until the point where it affects you.

I don't see it as a bad thing, as that's the job description, but that
will become more apparent in the future.

> --Michael Dillon
