But could repeated warnings about such non-events eventually make critical infrastructure owners deaf to DHS's warnings? InfoWorld Senior Editor Paul F. Roberts recently chatted with John Carlson, senior director of security and risk assessment at BITS, a financial-services industry consortium focused on security, fraud, and risk management, about the DHS warning and the state of the public-private partnership on cybersecurity.
InfoWorld: I'm guessing that your members received the US-CERT warning about the cyber terrorist attack?
John Carlson: There were two messages sent: the first was [Nov. 30]; then a second revision came out [Dec. 1]. The gist of it was that these reports were not corroborated.
IW: What was the reaction of BITS members to the warning?
JC: Our members have an "all hazards" approach to business-continuity planning. They've got well-developed approaches that have been bolstered since 9/11. In response to new regulatory requirements, firms have done a lot to improve backup; they've done tests with the various exchanges. They're also working in closer harmony with the federal government to share information on threats and vulnerabilities. I think there's a spirit of appreciation that the government is willing to share information with the financial services industry. The firms take that information into account in responding and activating their business continuity plans.