Banking and Finance Sector-Specific Plan - U.S. Department of ...
Banking and Finance Sector-Specific Plan - U.S. Department of ...
Banking and Finance Sector-Specific Plan - U.S. Department of ...
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
<strong>Finance</strong> <strong>Sector</strong>, the private sector participants are responsible for establishing business continuity <strong>and</strong> protection programs. The<br />
Treasury <strong>Department</strong> <strong>and</strong> the other FBIIC members individually assist the private sector by setting policy to improve sector resilience.<br />
The FBIIC <strong>and</strong> FSSCC members also conduct FBIIC/FSSCC outreach meetings throughout the country, aimed at educating<br />
<strong>and</strong> informing the public <strong>and</strong> private sector participants about emergency response programs, cyber attacks, emergency management,<br />
<strong>and</strong> communications programs. In 2005, the FBIIC/FSSCC outreach meetings occurred in more than 25 cities, while the<br />
2006-2007 meetings will reach 37 cities. The current meeting cycle encourages sector participants to coordinate during a crisis<br />
<strong>and</strong> promotes the idea <strong>of</strong> a regional financial coalition when the private sector participants find a need for such a mechanism.<br />
Training <strong>and</strong> exercises are central components <strong>of</strong> maintaining the financial services sector’s resilience before, during, <strong>and</strong> after<br />
an incident. The Treasury, the FBIIC, <strong>and</strong> the FSSCC work together to conduct exercises aimed at testing the preparedness <strong>and</strong><br />
resilience <strong>of</strong> the sector. As the SSA, the Treasury routinely coordinates communications tests for information sharing between<br />
the FBIIC <strong>and</strong> the FSSCC to ensure that communications protocols will work efficiently <strong>and</strong> effectively during an incident.<br />
The Treasury also sponsored exercises for regional financial coalitions in 2004, 2005, <strong>and</strong> 2006, such as ChicagoFIRST <strong>and</strong><br />
FloridaFIRST, which tested the sector’s resilience <strong>and</strong> response to physical threats <strong>and</strong> p<strong>and</strong>emic influenza.<br />
The FSSCC, the FS-ISAC, <strong>and</strong> several <strong>of</strong> its members, participated in a regional exercise, Cyber Tempest, which took place in<br />
November 2006, in conjunction with several northeastern States, Government agencies, <strong>and</strong> multiple ISACs to explore interdependencies<br />
<strong>and</strong> to assure effective <strong>and</strong> efficient communications channels <strong>and</strong> protocols are in place for incident response.<br />
In addition, the FSSCC is working with academia to develop a cyber syllabus to address specific needs <strong>of</strong> the <strong>Banking</strong> <strong>and</strong><br />
<strong>Finance</strong> <strong>Sector</strong>’s information technology infrastructure.<br />
8.3 Implementing the <strong>Sector</strong> Partnership Model<br />
All <strong>of</strong> the sector partners must work together continually to promote <strong>and</strong> maintain the sector partnership model to ensure that<br />
the sector is resilient. In the <strong>Banking</strong> <strong>and</strong> <strong>Finance</strong> <strong>Sector</strong>, the FBIIC <strong>and</strong> the FSSCC serve as the public <strong>and</strong> private participants in<br />
the sector partnership model at the national level. (See section 1.2 for details.)<br />
Currently, the FBIIC <strong>and</strong> the FSSCC meet at least three times per calendar year in both separate sessions <strong>and</strong> joint meetings. In<br />
the separate sessions, both the FBIIC <strong>and</strong> the FSSCC conduct committee business. When the FBIIC <strong>and</strong> the FSSCC meet jointly,<br />
the committees discuss a range <strong>of</strong> issues, including emergency protocols, information-sharing mechanisms, educational<br />
programs, sector training, <strong>and</strong> the sector’s dependence on other sectors. In addition to these meetings, the committee working<br />
groups meet throughout the year as is warranted based upon issues that impact the sector.<br />
On a regional basis, financial firms across the country have formed <strong>and</strong> continue to form regional coalitions to facilitate this<br />
interaction; the regional partnerships have formed a RPC FIRST. Representatives <strong>of</strong> RPC FIRST meet quarterly <strong>and</strong> attend FSSCC<br />
meetings on a quarterly basis.<br />
8.4 Information Sharing <strong>and</strong> Protection<br />
Information sharing is an important aspect <strong>of</strong> the sector partnership model. In the <strong>Banking</strong> <strong>and</strong> <strong>Finance</strong> <strong>Sector</strong>, there are three<br />
different <strong>and</strong> complementary information-sharing mechanisms for the sector: the FBIIC, the FSSCC, <strong>and</strong> the FS-ISAC. Each<br />
<strong>of</strong> these organizations gathers information regarding the status <strong>of</strong> the sector <strong>and</strong> shares that information both within their<br />
organizations <strong>and</strong> with other organizations as appropriate. The FBIIC, the FSSCC, <strong>and</strong> the FS-ISAC have established emergency<br />
response protocols to communicate to the SSA, their members, <strong>and</strong> to each other during an incident. Furthermore, sector trade<br />
associations have developed information-sharing protocols to provide their specific members with appropriate <strong>and</strong> timely<br />
<strong>Banking</strong> <strong>and</strong> <strong>Finance</strong> <strong>Sector</strong>-<strong>Specific</strong> <strong>Plan</strong>