MIS Quarterly Executive


The digital age has transformed how organizations function. The production and delivery of essential goods and services is now highly dependent on the global information infrastructure: the complex and interconnected telecommunications networks and information systems owned and operated by a multitude of discrete organizations. Yet, this amorphous entity is beyond the control of individual organizations. This paper presents Dark Screen, a scenario-based exercise for identifying and assessing resources and capabilities useful in protecting the information infrastructure. One community¡¯s experience with Dark Screen offered three main observation: (1) there was a low level of awareness regarding information infrastructure interdependencies and vulnerabilities among the exercise participants, (2) the participating organizations had no process or mechanism for coordinating interorganizational responses to a cyber security incident, and (3) the communications channels for disseminating information before and during a cyber security incident were ill defined. In today¡¯s environment, organizations need to broaden their view of cyber security. The self-protection model, where each organization only deploys a perimeter defense around its own boundaries, is no longer adequate. The three recommendations for management from the Dark Screen exercise are: (1) view cyber security as a business issue, not a technology issue, (2) broaden your cyber security mindset to include the information infrastructure your organization depends on but does not control, and (3) join collaboration efforts to coordinate cyber security regionally, if not nationally.