Banking and Finance Sector-Specific Plan - U.S. Department of ...
Banking and Finance Sector-Specific Plan - U.S. Department of ...
Banking and Finance Sector-Specific Plan - U.S. Department of ...
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
• In 2003, BITS <strong>and</strong> SIA drafted Considerations for the Financial Services Industry: Actions Relevant to the Homel<strong>and</strong> Security Advisory<br />
System on behalf <strong>of</strong> the FSSCC;<br />
• In July 2004 when a credible threat was discovered which targeted financial services firms, the Treasury <strong>Department</strong> <strong>and</strong> the<br />
sector followed information-sharing <strong>and</strong> notification protocols. Furthermore, other firms in the vicinity <strong>of</strong> these targeted<br />
institutions employed internal protocols to increase protective measures in response to the heightened threat level;<br />
• During 2004, the FSSCC produced suggested practices for sector members to use in protective programs, including p<strong>and</strong>emic<br />
planning;<br />
• In 2004, the FBIIC <strong>and</strong> the FSSCC conducted its first phase <strong>of</strong> outreach meetings in 29 cities. At the end <strong>of</strong> the second phase<br />
in 2007, the outreach meetings will have reached 37 cities;<br />
• In the first quarter <strong>of</strong> 2005, the Treasury <strong>Department</strong>, BITS, <strong>and</strong> ChicagoFIRST published a h<strong>and</strong>book on how to create<br />
regional organizations similar to ChicagoFIRST;<br />
• In 2005 during Hurricane Katrina, the FS-ISAC provided reporting <strong>of</strong> the storm’s predicted path well in advance <strong>of</strong> the hurricane<br />
hitting l<strong>and</strong>fall. These reports included information on the potential impacts to transportation, telecommunications,<br />
water, health care, <strong>and</strong> financial services closings, as well as assistance strategies;<br />
• In 2006, the FSSCC developed a Disaster Response Protocol for sharing information between the public <strong>and</strong> private sectors<br />
<strong>and</strong> rapid dissemination <strong>of</strong> information between organizations within the financial services sector;<br />
• In 2006, the FS-ISAC developed <strong>and</strong> implemented threat advisory levels for both physical <strong>and</strong> cyber attacks to provide sectorspecific<br />
threat warning to member institutions;<br />
• During 2006, the Treasury <strong>Department</strong> <strong>and</strong> members <strong>of</strong> the FBIIC completed an updated vulnerability assessment <strong>of</strong> the sector;<br />
• In November 2006, the Multi-State ISAC reported evidence <strong>of</strong> a brute-force cyber attack originating from Chinese IP source<br />
addresses. In response, the FS-ISAC shared member submissions with DHS <strong>and</strong> other ISACs, providing additional details <strong>and</strong><br />
recommendations. As a result, the two IP source addresses were identified quickly <strong>and</strong> blocked;<br />
• Throughout 2006, the FBIIC <strong>and</strong> the Treasury <strong>Department</strong> conducted two separate protective-response planning exercises<br />
with two different systemically critical members <strong>of</strong> the sector;<br />
• The Treasury <strong>Department</strong> sponsored <strong>and</strong> participated in regional preparedness exercises with ChicagoFIRST members <strong>and</strong><br />
Federal, State, <strong>and</strong> local law enforcement <strong>and</strong> first responders in July 2004, June 2005, <strong>and</strong> December 2006; <strong>and</strong><br />
• The Treasury <strong>Department</strong> leads quarterly testing <strong>of</strong> the emergency communications system <strong>of</strong> the FBIIC.<br />
Develop <strong>and</strong> Implement Protective Programs