Banking and Finance Sector-Specific Plan - U.S. Department of ...
Banking and Finance Sector-Specific Plan - U.S. Department of ...
Banking and Finance Sector-Specific Plan - U.S. Department of ...
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
• Identify voluntary efforts where improvements in coordination can foster sector preparedness for CIP/HLS;<br />
• Establish <strong>and</strong> promote broad sector activities <strong>and</strong> initiatives that improve CIP/HLS, such as addressing interdependencies<br />
among the financial <strong>and</strong> other sectors;<br />
• Identify barriers <strong>and</strong> recommend initiatives to improve the sharing <strong>of</strong> information <strong>and</strong> knowledge among the financial<br />
services sector; <strong>and</strong><br />
• Improve sector awareness <strong>of</strong> CIP/HLS issues, sector activities/initiatives, <strong>and</strong> opportunities for improved coordination.<br />
The Treasury <strong>Department</strong> also works with private sector institutions by conducting response planning exercises. These exercises,<br />
which in the past have included law enforcement, Government, <strong>and</strong> intelligence agencies, coordinate response <strong>and</strong> communication<br />
among Federal, State, local, <strong>and</strong> tribal first responders to specific institutions.<br />
The joint successes <strong>of</strong> the FBIIC <strong>and</strong> the FSSCC include the following:<br />
• Suggestions for financial institutions for different threat conditions under the Homel<strong>and</strong> Security Advisory System. This<br />
document was originally developed by FSSCC members BITS <strong>and</strong> Securities Industry Association (SIA);<br />
• Exchange <strong>of</strong> information <strong>and</strong> best practices for critical infrastructure protection issues;<br />
• Post-incident analysis <strong>of</strong> cyber attacks <strong>and</strong> other disruptive events, such as the Northeast Blackout <strong>of</strong> 2003 <strong>and</strong> Hurricane<br />
Katrina in 2005, to improve Government <strong>and</strong> private sector remediation <strong>and</strong> response;<br />
• Development <strong>of</strong> an integrated set <strong>of</strong> crisis management calls <strong>and</strong> actions across the sector; <strong>and</strong><br />
• Several protective response exercises with the private sector to improve public <strong>and</strong> private emergency preparedness <strong>of</strong> critical<br />
financial institutions.<br />
FS-ISAC<br />
The Treasury <strong>Department</strong> also works closely with the FS-ISAC, 13 one <strong>of</strong> the oldest private information-sharing initiatives in the<br />
United States. The FS-ISAC was set up as the financial sector response to the requirements <strong>of</strong> Presidential Decision Directive 63<br />
(Protecting America’s Critical Infrastructures) in May 1998.<br />
The mission <strong>of</strong> the FS-ISAC, in collaboration with the Treasury <strong>Department</strong> <strong>and</strong> the FSSCC, is to enhance the ability <strong>of</strong> the<br />
financial services sector to prepare for <strong>and</strong> respond to cyber <strong>and</strong> physical threats, <strong>and</strong> vulnerabilities <strong>and</strong> incidents, <strong>and</strong> to serve<br />
as the primary communications channel for the sector.<br />
The FS-ISAC is the designated operational arm <strong>of</strong> the FSSCC <strong>and</strong> supports the protection <strong>of</strong> the U.S. financial services sector by<br />
providing assistance to both the FSSCC <strong>and</strong> the Treasury to identify, prioritize, <strong>and</strong> coordinate the protection <strong>of</strong> critical financial<br />
services, infrastructure service, <strong>and</strong> key resources; <strong>and</strong> to facilitate sharing <strong>of</strong> information pertaining to physical <strong>and</strong> cyber<br />
threats, vulnerabilities, incidents, <strong>and</strong> potential protective measures <strong>and</strong> practices.<br />
The FS-ISAC has identified the following strategic objectives to accomplish its mission:<br />
• Provide an effective forum for information sharing within the financial services sector, with other critical infrastructure <strong>and</strong><br />
key resources (CI/KR) organizations, <strong>and</strong> with the U.S. Government;<br />
• Identify critical financial services sector operational support issues <strong>and</strong> requirements <strong>and</strong> articulate those to the Treasury <strong>and</strong><br />
DHS;<br />
13 As outlined in the National Strategy to Secure Cyberspace (February 2003), information sharing <strong>and</strong> analysis centers (ISACs) are the cornerstone <strong>of</strong> industry<br />
information sharing, www.whitehouse.gov/pcipb.<br />
6 <strong>Banking</strong> <strong>and</strong> <strong>Finance</strong> <strong>Sector</strong>-<strong>Specific</strong> <strong>Plan</strong>