WASHINGTON, DC, June 23, 2006 -- The United States is ill-prepared for a cyber catastrophe, with significant ambiguities in public and private sector responses that would be needed to restore and recover the Internet following a disaster, according to a new Business Roundtable report released today.

"Our nation's Internet and cyber infrastructure serve as a critical backbone for the exchange of information vital to our security and our economy, but our analysis has exposed a significant weakness that could paralyze the economy following a disaster," said Edward B. Rust Jr., Chairman and CEO, State Farm Insurance Companies and head of the Roundtable Security Task Force's working group on cyber security.

"If there's a cyber disaster, there is no emergency number to call -- and no one in place to respond because our nation simply doesn't have the kind of coordinated plan in place that we need to restart and restore the Internet," Rust added. "Government and industry must work together to beef up our cyber- security and recovery efforts."

The report -- Essential Steps Toward Strengthening America's Cyber Terrorism Preparedness -- is the culmination of a year's work by top businesses led by the Roundtable, an association of 160 CEOs of the nation's leading companies. Identifying ways to harden the Internet has been one of the main priorities of the Roundtable's Security Task Force because a properly functioning Internet is essential to the continuity of the nation's economy.

The report identifies cyber shortfalls similar to the disaster response problems that occurred following Hurricane Katrina, highlighting three significant gaps in response plans to restore the Internet:

* Inadequate Early Warning System -- The U.S. lacks an early warning system to identify potential Internet attacks or determine if the disruptions are spreading rapidly.

* Unclear and Overlapping Responsibilities -- Public and private organizations that would oversee recovery of the Internet have unclear or overlapping responsibilities, resulting in too many institutions with too little interaction and coordination.

* Insufficient Resources -- Existing organizations and institutions charged with Internet recovery should have sufficient resources and support. For example, little of the National Cyber Security Division (NCSD)'s funding is targeted for support of cyber recovery.

It concludes that the U.S. is not sufficiently prepared for a major attack, software incident or natural disaster that would lead to disruption of large parts of the Internet.

"If our nation is hit by a cyber Katrina that wipes out large parts of the Internet, there is no coordinated plan in place to restart and restore the Internet," said John J. Castellani, President of the Roundtable. "A cyber disaster could have immediate and nationwide consequences to our nation's security and economy, and we need to be better prepared. That's why advance copies of this report have been given to the Department of Homeland Security and Congressional leaders."

Recommendations Made for Government and Businesses to Detect and Respond to Cyber Disruptions

The report offers recommendations for government and business to improve identification and assessment of cyber disruptions, to coordinate responsibilities for Internet reconstitution, and to make needed investments in institutions with critical roles in Internet recovery.

Response and recovery to a cyber disaster will be different from natural disasters such as Hurricane Katrina, when the federal government had the leading role. Industry must undertake principal responsibility following an incident for reconstituting the communications infrastructure, including telephone, Internet and broadcast, the Roundtable report stated.

The Roundtable called on the federal government to establish clearer roles and responsibilities, fund long-term programs, and ensure that national response plans treat major Internet disruptions as serious national problems. For example, while the Administration says that it has authority to declare a cyber emergency and will consult with business leaders, the report notes it is not clear how this consultation will occur or what the factors are for declaring an emergency.

Recommendations for the private sector include urging companies to designate a point person for cyber recovery, update their strategic plans to prepare for a widespread Internet outage and the impact on movement of goods and services, and set priorities for restoring Internet service and corporate communications.

However, the Roundtable noted that the best preparedness for recovering from a cyber disaster will require government and the private sector to work together.

In one specific recommendation for public-private collaboration, the Roundtable urged creation of a federally-funded panel of experts who would assist in developing plans for restoring Internet services in the event of a massive disruption. In addition, the report suggests that the Department of Homeland Security and industry conduct large-scale cyber emergency exercises, with lessons learned integrated into programs and procedures.

"We need a national response to this challenge, not separate business and government responses -- and that means better collaboration," Castellani said. "Most important, we must start immediately. Because of the widespread consequences of a massive cyber disruption, our nation cannot wait until an incident occurs to start planning the response."

To view the report, please visit http://www.businessroundtable.org.

Business Roundtable (http://www.businessroundtable.org) is an association of chief executive officers of leading U.S. companies with over $4.5 trillion in annual revenues and more than 10 million employees. Member companies comprise nearly a third of the total value of the U.S. stock market and represent nearly a third of all corporate income taxes paid to the federal government. Collectively, they returned more than $110 billion in dividends to shareholders and the economy in 2005.

Roundtable companies give more than $7 billion a year in combined charitable contributions, representing nearly 60 percent of total corporate giving. They are technology innovation leaders, with $86 billion in annual research and development spending -- nearly half of the total private R&D spending in the U.S.