Financial industry welcomes Obama cybersecurity plans

Financial industry welcomes Obama cybersecurity plans

US President Barack Obama has signed a cybersecurity executive order designed to improve collaboration and information sharing between the government and critical infrastructure providers such as banks.

Obama signed the 'improving critical infrastructure cybersecurity' order ahead of his State of the Union address this week, during which he warned that America's enemies are "seeking the ability to sabotage our power grid, our financial institutions and our air traffic control systems".

"We cannot look back years from now and wonder why we did nothing in the face of real threats to our security and our economy," he told Congress, urging it to pass laws to back up his plans.

In response, the House Intelligence Committee said it planned to revive its Cyber Intelligence Sharing and Protection Act (Cispa), which has been criticised in the past by privacy groups.

Committee chairman Mike Rogers says: "This is clearly not a theoretical threat - the recent spike in advanced cyber attacks against the banks and newspapers makes that crystal clear. American businesses are under siege. We need to provide American companies the information they need to better protect their networks from these dangerous cyber threats."

Only last week the US Federal Reserve Bank confirmed that an internal database of US bank contacts was hacked just days after the Anonymous collective leaked the names, addresses and other personal information of around 4000 bank executives.

The executive order brings in new information sharing programs to provide both classified and unclassified threat and attack information to US companies. It also expands the 'enhanced cybersecurity services program', enabling near real time sharing of threat information.

In addition, the National Institute of Standards and Technology (Nist) will lead the development of a framework of cybersecurity practices. Nist will work with banks, utilities and others to develop the framework, relying on existing international standards, practices, and procedures. The framework guidance will be technology neutral and promote a competitive market for products and services.

The order has been broadly welcomed by the financial services industry. American Bankers Association CEO Frank Keating says "we look forward to continuing to work with the administration and Congress toward our mutual goal of protecting our nation's critical assets".

Sifma's Kenneth Bentsen adds: "We welcome the Administration's effort to increase the amount of information sharing between the public and private sectors and remain committed to working with policymakers to keep our markets and market participants safe. The executive order is a step in the right direction."

Across the Atlantic, the European Union has been outlining its own cybersecurity plan. The EU is demanding that member states establish well funded and staffed network and information security strategies and develop cooperation mechanisms.

It also says that operators of critical infrastructures in important sectors - such as financial services, transport, energy, health - must adopt risk management practices and report major security incidents on their core services.

Comments: (0)