
To continue the discussion about cyber response to national emergencies (or even local or regional emergencies, although the concept of a cyber event being contained to a local or regional emergency seems to fly in the face of the whole 'borderless' nature of cyberspace), here's the first of the previous assumptions:
- Assumption #1 - Not all components of the national infrastructure (or world's infrastructure) should receive equal priority in a response effort.
This appears to be implicit. Naturally, not all government agencies, commercial organizations, public works, or other entities should have the same priority in a response to a cyber event. It makes sense that Joe's Shoe Store is not treated with the same level of urgency that the major regional hospital would be if they were both impacted by the same event in the same region at the same time. Protecting life and limb takes precedence over comfortable feet every time.
But we live in a world where those bright lines are not always easily defined.
When you give it some serious thought, how could you rack and stack the importance of the following organizations, assuming they are all impacted by a particular cyber event at the same time and are all in dire need of assistance (from the government and from their commercial providers):
- Baltimore Gas and Electric
- Johns Hopkins Medical Center
- The Port of Baltimore
- Legg Mason
- Bank of America
- Exxon's Baltimore Refinery
- Litecast/Balticore (a local ISP which serves a lot of these organizations)
- The Baltimore Police Department
- The Baltimore Fire Department
- etc.
Things get pretty difficult pretty fast. Health care or financial sector? Utility company or hospital? Emergency services or transportation?
It's quite difficult.
Unfortunately, the best way we have had to date of deciding who is first in line to receive service centers on money and the Service Level Agreement. The more you pay your providers, the faster you get back online. But that approach grew from an era when the availability of an organization's cyber assets was directly related only to the success or failure of that organization, not to national security, public safety, or other 'greater good' issues.
But that SLA mentality simply doesn't work anymore. It stands to reason that an organization (or set of organizations) should be doing major coordination in each region, as well as nationally, to work with local service providers to create the appropriate response plans for local, regional, and national emergencies.
It makes sense for that organization to be the Department of Homeland Security, with a lot of help and support from the Information Sharing and Analysis Centers.
I think they are going down that path now. If not, I hope they start very, very soon.