Banking and Finance Sector-Specific Plan - U.S. Department of ...
Banking and Finance Sector-Specific Plan - U.S. Department of ...
Banking and Finance Sector-Specific Plan - U.S. Department of ...
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
6.1.1 Developing <strong>Sector</strong>-<strong>Specific</strong> Metrics<br />
As the SSA for the <strong>Banking</strong> <strong>and</strong> <strong>Finance</strong> <strong>Sector</strong>, the Treasury <strong>Department</strong> will work within the public-private partnership <strong>of</strong> the<br />
FBIIC <strong>and</strong> the FSSCC to create suitable sector metrics. Measurements <strong>of</strong> the resilience efforts in a large <strong>and</strong> diverse sector such<br />
as the <strong>Banking</strong> <strong>and</strong> <strong>Finance</strong> <strong>Sector</strong> are difficult to quantify using st<strong>and</strong>ard business measurements. Therefore, a one-size-fits-all<br />
approach would be inapplicable to all aspects <strong>of</strong> the sector <strong>and</strong> also would weaken creativity <strong>and</strong> vitality in the sector, which<br />
would harm the Nation’s overall economy.<br />
As evidenced by previous sections <strong>of</strong> this document, the Treasury <strong>Department</strong> has already done significant work in developing<br />
<strong>and</strong> collecting descriptive <strong>and</strong> process metrics. The Treasury <strong>Department</strong> will continue to develop <strong>and</strong> collect meaningful<br />
outcome <strong>and</strong> baseline metrics <strong>and</strong> measurements that are relevant for the sub-sectors within the <strong>Banking</strong> <strong>and</strong> <strong>Finance</strong> <strong>Sector</strong>.<br />
The Treasury <strong>Department</strong>, working with the FBIIC <strong>and</strong> the FSSCC, has created the following process to develop metrics for the<br />
Baking <strong>and</strong> <strong>Finance</strong> <strong>Sector</strong> to address the security goals outlined in section 2.<br />
Goal 1: To maintain its current strong position <strong>of</strong> resilience, risk management, <strong>and</strong> redundant systems in the face <strong>of</strong><br />
a myriad <strong>of</strong> intentional, unintentional, manmade, <strong>and</strong> natural threats, the Treasury <strong>Department</strong>, as the SSA, will work<br />
with the appropriate members <strong>of</strong> the FBIIC <strong>and</strong> the FSSCC to determine:<br />
• The appropriate number <strong>of</strong> joint meetings for the FBIIC <strong>and</strong> the FSSCC;<br />
• The need <strong>and</strong> appropriate number <strong>of</strong> outreach meetings to financial services representatives across the country;<br />
• The number <strong>of</strong> private sector firms that qualify under the National Security <strong>and</strong> Emergency Preparedness guidelines for<br />
GETS, WPS, <strong>and</strong> TSP;<br />
• The level <strong>of</strong> support for regional financial partnerships;<br />
• The level <strong>of</strong> support for RPC FIRST, the council <strong>of</strong> the regional partnerships;<br />
• The percentage <strong>of</strong> assets that receive physical <strong>and</strong> cyber security alerts, either directly or indirectly through the FS-ISAC;<br />
• The success <strong>of</strong> the testing schedule for the FS-ISAC’s CINS;<br />
• The appropriate coordination <strong>of</strong> the HSIN into the information-sharing structure for the sector;<br />
• The level <strong>of</strong> participation in national <strong>and</strong> regional exercises to test <strong>and</strong> enhance the resilience <strong>of</strong> the financial services sector<br />
<strong>and</strong> level <strong>of</strong> support or outreach for such exercises;<br />
• The portions <strong>of</strong> the sector that conduct protective-response planning exercises for critical financial infrastructures;<br />
• The success <strong>of</strong> tests conducted to strengthen the response protocols for the FBIIC <strong>and</strong> the FSSCC;<br />
• The portion <strong>of</strong> financial services sector participants that develop <strong>and</strong> test business continuity plans;<br />
• The appropriate review <strong>and</strong> update processes by the Treasury <strong>Department</strong> <strong>and</strong> the FBIIC agencies for asset data on the sector;<br />
• The appropriate level <strong>of</strong> security clearances for members <strong>of</strong> the FSSCC to participate in briefings on threats to the sector; <strong>and</strong><br />
• The success <strong>of</strong> the annual industry-wide business continuity planning test conducted by FSSCC members SIFMA, the Futures<br />
Industry Association, <strong>and</strong> the Financial Information Forum. These annual tests are part <strong>of</strong> an ongoing industry initiative to<br />
test the ability <strong>of</strong> primary securities market participants to operate through a significant emergency. The test, which includes<br />
both buy-side <strong>and</strong> sell-side participation, demonstrates <strong>and</strong> verifies the capacity <strong>of</strong> firms, markets, <strong>and</strong> utilities to continue<br />
functioning <strong>and</strong> communicating during an emergency by using backup sites, recovery facilities, <strong>and</strong> backup communications<br />
across the industry.<br />
<strong>Banking</strong> <strong>and</strong> <strong>Finance</strong> <strong>Sector</strong>-<strong>Specific</strong> <strong>Plan</strong>