Banking and Finance Sector-Specific Plan - U.S. Department of ...
Banking and Finance Sector-Specific Plan - U.S. Department of ...
Banking and Finance Sector-Specific Plan - U.S. Department of ...
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
7. CI/KR Protection R&D<br />
7.1 Overview <strong>of</strong> <strong>Sector</strong> R&D<br />
At the request <strong>of</strong> the Treasury, the FSSCC joined DHS in a May 2005 workshop focused on R&D priorities. As DHS was finalizing<br />
the NIPP R&D plans <strong>and</strong> programs, the FSSCC formed an R&D Committee to further develop plans <strong>and</strong> programs that<br />
would provide the most significant benefits with respect to the specific CI/KR requirements <strong>of</strong> the financial services sector.<br />
In June 2006, this committee issued a list <strong>of</strong> research challenges that provide information security pr<strong>of</strong>essionals with tools for<br />
addressing known vulnerabilities in the sector. 30<br />
7.2 <strong>Sector</strong> R&D Requirements<br />
Extensive networks <strong>of</strong> information technology systems support the <strong>Banking</strong> <strong>and</strong> <strong>Finance</strong> <strong>Sector</strong>. These systems are composed<br />
<strong>of</strong> networks, servers, mainframes, operating systems, <strong>and</strong> s<strong>of</strong>tware applications. The sector uses some <strong>of</strong> the most advanced<br />
technologies available to process billions <strong>of</strong> transactions each day, such as trade orders, clearing <strong>and</strong> settlements transactions,<br />
custody, account balances, <strong>and</strong> retail payments. Information systems may be rendered unavailable by either cyber or physical<br />
attacks. Compromises to the financial services sector’s information technology systems may affect sector operations <strong>and</strong> public<br />
trust <strong>and</strong> confidence in the U.S. economy.<br />
In addition to information technology systems, the <strong>Banking</strong> <strong>and</strong> <strong>Finance</strong> <strong>Sector</strong> is heavily dependent on telecommunications.<br />
Given a wide-scale disruption <strong>of</strong> the telecommunications infrastructure, the <strong>Banking</strong> <strong>and</strong> <strong>Finance</strong> <strong>Sector</strong> likely would be unable<br />
to maintain critical voice <strong>and</strong> data communications at the level necessary to assure continuity <strong>of</strong> critical operations. Because <strong>of</strong><br />
the interdependencies <strong>of</strong> financial services sector participants, a localized disruption that impacts a systemically critical organization<br />
also may result in cascading disruptions <strong>of</strong> trading, settlement, <strong>and</strong> payment activities across the country <strong>and</strong> in foreign<br />
markets.<br />
The FSSCC R&D Committee identified eight areas that may present significant issues to the ability <strong>of</strong> the financial sector to meet<br />
its challenges in the coming years. The areas are:<br />
• Secure Financial Transaction Protocol (SFTP);<br />
• Resilient Financial Transaction System (RFTS);<br />
• Enrollment <strong>and</strong> Identity Credential Management;<br />
• Suggested Practices <strong>and</strong> St<strong>and</strong>ards;<br />
30 This document includes an appendix to the SSP entitled “FSSCC R&D Challenges.”<br />
CI/KR Protection R&D