Banking and Finance Sector-Specific Plan - U.S. Department of ...
Banking and Finance Sector-Specific Plan - U.S. Department of ...
Banking and Finance Sector-Specific Plan - U.S. Department of ...
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
2. Objective<br />
The objective <strong>of</strong> this paper is to demonstrate how FSSCC research challenges relate to the NIPP R&D plans <strong>and</strong> programs, as<br />
well as to demonstrate the aspects in which they differ. Because this paper combines the opinions <strong>of</strong> subject matter experts<br />
in homel<strong>and</strong> security <strong>and</strong> financial services, the resulting recommendations will meet the needs <strong>of</strong> both constituencies. It is<br />
intended that DHS should use this information to tweak its projects to directly address the CI/KR research needs <strong>of</strong> the financial<br />
services industry. Consequently, the future direction <strong>and</strong> scope <strong>of</strong> the NIPP research program will align more closely with<br />
the proposed FSSCC research challenge. For example, in the next version <strong>of</strong> the NIPP, DHS may add new R&D areas <strong>of</strong> focus<br />
that are in the FSSCC document but are not in the current NIPP. In addition, they may be included in the financial services sector-specific<br />
infrastructure protection plan.<br />
The FSSCC underst<strong>and</strong>s that all sectors have been requested to share their R&D plan with DHS to facilitate similar gap analyses<br />
across sectors. Were all sectors to perform gap analyses similar to that <strong>of</strong> this document, it would be easier for DHS to align<br />
its overall R&D program with the needs <strong>of</strong> other sectors as well. The FSSCC is committed to participating in any activity that<br />
renders a DHS R&D program that is consistent across sectors, between critical sectors, <strong>and</strong> the overall NIPP program.<br />
3. Approach<br />
The 2006 NIPP approach to conducting research <strong>and</strong> development <strong>and</strong> using technology is described section 6.3 <strong>of</strong> the NIPP.<br />
It highlights three areas <strong>of</strong> planning <strong>and</strong> program activities that are intended to allocate protection resources where they can<br />
best mitigate risk: (1) the NIPP R&D <strong>Plan</strong>, (2) the Federal <strong>Plan</strong> for Cyber Security R&D, <strong>and</strong> (3) R&D <strong>and</strong> planning efforts<br />
conducted by the <strong>Sector</strong>-<strong>Specific</strong> Agencies (SSAs). This FSSCC research agenda identifies challenges that are the central focus <strong>of</strong><br />
R&D <strong>and</strong> planning efforts conducted by the financial services SSA, the <strong>Department</strong> <strong>of</strong> the Treasury. This document compares<br />
the FSSCC research challenges to the overall NIPP R&D program.<br />
Central to this comparison is a matrix (see appendix A) that shows the relationship between the FSSCC R&D research challenges<br />
items <strong>and</strong> the NIPP R&D program. The matrix is intended to demonstrate that choosing a financial industry R&D<br />
challenge item as a focus area for research in pursuit <strong>of</strong> NIPP R&D goals will provide research opportunities that are both welldefined<br />
<strong>and</strong> fertile. The rows <strong>of</strong> the matrix identify the eight FSSCC R&D challenges. Most <strong>of</strong> the columns <strong>of</strong> the table show the<br />
areas <strong>of</strong> research promulgated in the NIPP. The last four columns are R&D areas contemplated in the FSSCC program but not<br />
included in the NIPP.<br />
Columns labeled A-I are headed with NIPP themes (described in section 6.3.3.2 <strong>and</strong> appendix 6). Columns labeled J-M are<br />
labeled with other NIPP R&D areas (described in section 6.5 <strong>and</strong> appendix 6). Columns labeled N-Q are labeled with financial<br />
sector technology requirements for R&D (referred to in section 6.3.3.4) that are not R&D focus areas in the current NIPP.<br />
Where there is a letter in the cell at the intersection <strong>of</strong> an FSSCC research challenge <strong>and</strong> an R&D area, it is meant to assert that a<br />
focus on the FSSCC research challenge as a subject <strong>of</strong> research in the corresponding NIPP R&D area would provide immediate<br />
benefit to the <strong>Banking</strong> <strong>and</strong> <strong>Finance</strong> <strong>Sector</strong>. Because the benefit would be a well-defined measure <strong>of</strong> success in the R&D effort,<br />
such benefit would facilitate problem solving not only in the financial services industry, but also in any industry that requires<br />
progress in that R&D area to solve its own problems. In each case, a brief statement <strong>of</strong> the reason for this assertion is included<br />
in the “Research Guidance” section that follows the matrix. The guidance in that section identifies the focus area <strong>of</strong> intersection<br />
between the FSSCC research challenge <strong>and</strong> the NIPP R&D area listed in the column heading. That is, the note labeled with the<br />
letter in the cell corresponding to the R&D area for which the FSSCC research challenge should be a subject <strong>of</strong> the intersecting<br />
NIPP R&D area focus is meant to convey the benefit <strong>of</strong> using the FSSCC research challenge as a focus area for that research area.<br />
In addition, R&D focus on the eight FSSCC research challenges will help contribute to, <strong>and</strong> benefit from, the attainment <strong>of</strong> the<br />
NIPP R&D long-term strategic goals, namely:<br />
6 <strong>Banking</strong> <strong>and</strong> <strong>Finance</strong> <strong>Sector</strong>-<strong>Specific</strong> <strong>Plan</strong>