The Financial Services Sector Coordinating Council for Critical Infrastructure Protection and Homeland Security (FSSCC), in its first annual report, detailed significant progress in identifying and reducing physical and cyberspace vulnerabilities, and ensuring the overall resiliency of the nation's financial services infrastructure to withstand terrorist or criminal attacks.
FSSCC, a network of financial trade associations and private firms representing thousands of financial services organisations, works closely with the U.S. Department of Treasury, financial regulators and other government agencies to coordinate the private sector's preparation for events that could disrupt the normal business of the financial services industry.
"Over the past year, FSSCC has achieved an unparalleled level of coordination and action planning to safeguard our financial services infrastructure," said Donald Donahue, sector coordinator and chairman of the FSSCC. "These efforts build on the individual initiatives of financial service firms that have been underway since September 11, 2001, and they represent the industry's ongoing strategies for ensuring sector-wide preparedness.
"While the public and Congress should have greater confidence based on the progress that's been made, we understand this process is ongoing and requires continued vigilance," he said. "This annual report is intended merely to provide some insight on our activities, without compromising safety and security."
"This report shows the outstanding progress the Financial Services Sector Coordinating Council has made in protecting the critical infrastructure in 2004," said D. Scott Parsons, deputy assistant secretary of the treasury for critical infrastructure protection and compliance policy. "Don Donahue and the members of the FSSCC are to be commended for their efforts in enhancing the resilience of the financial sector. The close cooperation between Treasury and the FSSCC exemplifies the public-private partnership that President Bush called for in his strategies to protect the nation's critical infrastructures."
Among the accomplishments of FSSCC, its member organisations and financial services firms in 2004 were:
- Expanding the level of ongoing coordination, strategic action planning and sharing of "best practices" on business continuity initiatives among a broadly diverse group of financial industry organizations and government agencies.
- Enhancing financial sector-wide preparedness for communication and collaboration in a crisis.
- Improving the resiliency of the financial sector's own telecommunications networks to ensure connectivity and recoverability.
Among some of the specific sector accomplishments cited by the report in 2004 were:
Coordination and Planning
Increased membership in the Financial Services/Information Sharing and Analysis Center (FS/ISAC) during the year. FS/ISAC membership grew more than 1,300%, from 66 members to nearly 1,000 by year-end, thanks in part to a number of efforts by FSSCC members and FSSCC itself, as well as FS/ISAC's own marketing efforts. FS/ISAC provides a 24-hour, seven-day-a-week center that can assist financial firms in fighting cyber and physical threats. Coordination of extensive "table-top exercises" to simulate how the sector might respond to particular events. These table-top exercises were broadened in 2004 to assess cross-sector response, as well as responses between the private and public sector.
Improved resiliency to the sector's telecommunications capabilities, through dissemination of "best practices" information by BITS/Financial Services Roundtable and other groups, and improvements to the sector's own networks operated by the Securities Industry Automation Corporation (SIAC), The Depository Trust & Clearing Corporation (DTCC), The Clearing House (TCH) and SWIFT. Extensive business continuity testing, with the Futures Industry Association (FIA) coordinating the first industry-wide test for the futures industry and the Securities Industry Association (SIA) managing ongoing tests between the securities industry participants.
Completion of a sector-wide consolidated and coordinated crisis management call list. Implementation of emergency centers and links to government crisis management structures. Examples of that were the SIA's emergency command center in New York City and the ChicagoFIRST organization with Illinois and the city of Chicago's emergency structure.
FSSCC also made available to its members and the general public on its Web site a number of reports dealing with a wide range of topics, including how financial organisations can deal with "phishing" (the use of fraudulent emails designed to obtain account information from consumers), improving telecommunications resiliency, and addressing and identifying vulnerabilities in financial firms' information technology infrastructures. Those reports were written by a number of different organisations, including BITS (the Financial Services Roundtable's technology arm), the Payments Risk Committee of the Federal Reserve Bank of New York, and the National Security Telecommunications Advisory Committee, to name a few.