Banking and Finance Sector-Specific Plan - U.S. Department of ...
Banking and Finance Sector-Specific Plan - U.S. Department of ...
Banking and Finance Sector-Specific Plan - U.S. Department of ...
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
– The Treasury <strong>Department</strong> acquired $2 million in services from the FS-ISAC which had the added benefit <strong>of</strong> creating the<br />
next generation FS-ISAC by increasing the protective functions <strong>of</strong> sharing <strong>and</strong> distributing information among the FS-ISAC<br />
members, <strong>and</strong> improving the tracking <strong>and</strong> measurement <strong>of</strong> the FS-ISAC’s performance.<br />
– The FS-ISAC has provided the following deliverables on behalf <strong>of</strong> the sector:<br />
• Worked closely with the other ISACs in the development <strong>of</strong> a Framework for Operational Information/Intelligence<br />
Sharing Between the ISACs. The purpose <strong>of</strong> this framework is to provide a useful operational guide for encouraging<br />
broad participation in information sharing among <strong>and</strong> between all public-private critical infrastructure sectors;<br />
• Implemented a crisis communications system to notify all <strong>of</strong> its members within less than 1 hour <strong>of</strong> an emergency. This<br />
system has been modified to include a subgroup <strong>of</strong> all the FSSCC members;<br />
• Developed a searchable database <strong>of</strong> past <strong>and</strong> current incidents, vulnerabilities, <strong>and</strong> threat data, along with an extensive<br />
e-library <strong>of</strong> important security <strong>and</strong> infrastructure protection documents; <strong>and</strong><br />
• Developed threat vulnerability <strong>and</strong> incident management best practices.<br />
• Regional partnerships share information pertinent on a local level to address specific local needs <strong>and</strong> establish relationships<br />
on a local level with key decisionmakers. The number <strong>of</strong> these regional partnerships continues to exp<strong>and</strong> <strong>and</strong> have provided<br />
the following activities:<br />
– Coordinate the Federal <strong>and</strong> State response to regional financial sector crises. One example includes partnering with<br />
ChicagoFIRST <strong>and</strong> the Chicago Office <strong>of</strong> Emergency Management <strong>and</strong> Communications.<br />
– Developed a h<strong>and</strong>book based on the ChicagoFIRST model to foster regional associations <strong>of</strong> financial services firms that<br />
address CIP issues at the State, local, <strong>and</strong> tribal levels.<br />
– Formed <strong>and</strong> continue to grow a council <strong>of</strong> regional partnerships, called RPC FIRST, to foster collaboration, share best<br />
practices, <strong>and</strong> coordinate with the FSSCC <strong>and</strong> the FBIIC.<br />
– Conduct exercises with local emergency management <strong>of</strong>ficials <strong>and</strong> State <strong>and</strong> Federal <strong>of</strong>ficials on areas <strong>of</strong> threat to the<br />
region.<br />
• Protective response planning exercises with the Treasury <strong>Department</strong> <strong>and</strong> several private sector financial institutions focus<br />
on an explicit threat to a systemically critical financial institution. These exercises provide financial institutions <strong>and</strong> local law<br />
enforcement with a protective response plan, through joint programs that include first responders;<br />
• Information from various cyber protection alert services is shared <strong>and</strong> disseminated through established communication<br />
protocols;<br />
• Collaborative relationships with law enforcement <strong>and</strong> intelligence communities monitor new <strong>and</strong> emerging threats to mitigate<br />
those threats <strong>and</strong> vulnerabilities;<br />
• A research agenda addresses sector-specific goals. (See section 7 for details);<br />
• A joint initiative with the National Infrastructure Advisory Council on the P<strong>and</strong>emic Prioritization Initiative ensures that<br />
critical financial services functions continue in the event <strong>of</strong> p<strong>and</strong>emic influenza; <strong>and</strong><br />
• Regular meetings <strong>of</strong> the Infectious Disease Forum. This Forum, which was established by the FSSCC <strong>and</strong> is led by the<br />
Securities Industry <strong>and</strong> Financial Markets Association (SIFMA), provides a venue for the FSSCC members to collaborate<br />
among themselves <strong>and</strong> with members <strong>of</strong> the FBIIC <strong>and</strong> with other sectors upon which the <strong>Banking</strong> <strong>and</strong> <strong>Finance</strong> <strong>Sector</strong> is<br />
dependent.<br />
Develop <strong>and</strong> Implement Protective Programs