Banking and Finance Sector-Specific Plan - U.S. Department of ...
work of the SSA and various public and private sector participants, including the FBIIC agencies and the FSSCC members, as it relates to the sector metrics and security goals.
Goal 1: To maintain its current strong position of resilience, risk management, and redundant systems in the face of a myriad of intentional, unintentional, manmade, and natural threats, the Treasury Department, as the SSA, will work with the appropriate members of the FBIIC and the FSSCC to:
• Conduct at least three joint meetings per year of the FBIIC and the FSSCC;
• Conduct an appropriate number of joint meetings of working groups of the FBIIC and the FSSCC, such as the Infectious Disease Forum;
• Sponsor, organize, and encourage participation at outreach meetings to financial services representatives across the country regarding infrastructure protection issues, including how the FBIIC and the FSSCC operate as national partnerships and how regional coalitions are an important part of the national strategy;
• Sponsor private sector firms that qualify under the National Security and Emergency Preparedness guidelines for GETS, WPS, and TSP;
• Encourage the formation of new regional partnerships to share information pertinent on a local level, provide opportunities for institutions to address specific local needs, and establish relationships on a local level with key decisionmakers;
• Support RPC FIRST to foster collaboration, share best practices, and coordinate with the FSSCC and the FBIIC;
• Evaluate the percentage of assets that receive physical and cyber security alerts, either directly or indirectly through the FS-ISAC. The Treasury Department will consult with the FS-ISAC to determine the number of firms that receive physical and cyber security alerts either directly or through trade associations. Currently, there are 1,961 direct links from the FS-ISAC to financial institutions and an estimated 11,000 indirect links through member associations;
• Test the FS-ISAC’s Critical Infrastructure Notification System (CINS) on a regular basis. As a matter of practice, the FSSCC members who are not members of FS-ISAC receive CINS notifications in the event of a FSSCC emergency;
• Work with DHS to appropriately coordinate the Homeland Security Information Network (HSIN) into the information-sharing structure for the sector;
• Participate in national and regional exercises to test and enhance the resilience of the financial services sector. For instance, the Banking and Finance Sector participated in Top Officials (TOPOFF) Exercise 3 and currently is assisting in the planning for TOPOFF Exercise 4. On a regional level, the Treasury Department has sponsored resilience exercises for ChicagoFIRST and FloridaFIRST and currently is working with other regional partnerships for future exercises;
• Conduct protective-response planning exercises for critical financial infrastructures. The Treasury Department, through the members of the FBIIC, will identify those firms that have participated in these types of exercises;
• Conduct briefings for the public and private stakeholders on the latest intelligence and threat assessments;
• Work with the sector participants to conduct tests to strengthen the response protocols for the FBIIC and the FSSCC;
• Encourage the financial services sector participants to develop, enhance, and test business continuity plans. Financial regulators have created and mandate stringent business recovery guidelines for their regulated institutions. In some cases the regulators, in their Interagency White Paper, have specified recovery timeframes for core clearing and settlement institutions (2 hours) and significant players (4 hours) in the event of a regional disaster;
• Support the FSSCC Research and Development (R&D) initiative, which is researching how to make financial services systems more resilient against cyber threats;
Develop and Implement Protective Programs