Risk
3/21/2011
04:00 PM
Connect Directly
LinkedIn
Google+
Twitter
RSS
E-Mail
50%
50%

How Wall Street Works With The Feds

Banks and other financial firms learn to share sensitive cybersecurity information with federal agencies.

For the most part, the relationship between the federal government and financial services industry isn't one built on mutual trust. The government has been criticized for being too hands-off, even permissive, but it's hardly a close-knit partnership.

When it comes to cybersecurity, however, the dynamic is different. Financial services companies are sharing information about sensitive IT security issues with the government, and federal agencies are sharing data and intelligence on cybersecurity threats with banks, brokerage firms, and other Wall Street institutions.

The broker of this public-private exchange is the Financial Services Information Sharing and Analysis Center (FS-ISAC). Created in 1999 after a presidential directive called for information sharing between the feds and the private sector, FS-ISAC has a security operations center and a Web portal that its members use to monitor computer threat feeds from a variety of commercial and government sources.

FS-ISAC members use the portal to submit details on cyberattacks they have experienced, including how the attacks were detected and their companies responded. Submissions to the portal, for example, might provide the IP addresses associated with the source of attempted intrusions, and they often center on topics such as fraud activity and malware analysis. This information is shared within the industry, as well as with the Treasury Department, FBI, Secret Service, and Department of Homeland Security.

FS-ISAC isn't a government entity, nor is it overseen by a federal agency. It's a nonprofit owned by its private-sector member companies and run by a board of directors drawn from its membership.

The Web portal serves as a clearinghouse of information such as alerts and bulletins from US-CERT and the Homeland Security and threat feeds from security vendors such as VeriSign. FS-ISAC also uses it to send bulletins with best practices and other information to members.

The portal can be customized to present the alerts and advisories of most interest to members. Dan DeWaal, first VP and chief security officer with Options Clearing Corp. (OCC), the world's largest equity derivatives clearinghouse and a founding member of FS-ISAC, says his information security team monitors threats and system vulnerabilities, while his business continuity team examines feeds that deal with physical and operational issues.

Previous
1 of 3
Next
Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-6306
Published: 2014-08-22
Unspecified vulnerability on IBM Power 7 Systems 740 before 740.70 01Ax740_121, 760 before 760.40 Ax760_078, and 770 before 770.30 01Ax770_062 allows local users to gain Service Processor privileges via unknown vectors.

CVE-2014-0232
Published: 2014-08-22
Multiple cross-site scripting (XSS) vulnerabilities in framework/common/webcommon/includes/messages.ftl in Apache OFBiz 11.04.01 before 11.04.05 and 12.04.01 before 12.04.04 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, which are not properly handled in a (1)...

CVE-2014-3525
Published: 2014-08-22
Unspecified vulnerability in Apache Traffic Server 4.2.1.1 and 5.x before 5.0.1 has unknown impact and attack vectors, possibly related to health checks.

CVE-2014-3563
Published: 2014-08-22
Multiple unspecified vulnerabilities in Salt (aka SaltStack) before 2014.1.10 allow local users to have an unspecified impact via vectors related to temporary file creation in (1) seed.py, (2) salt-ssh, or (3) salt-cloud.

CVE-2014-3594
Published: 2014-08-22
Cross-site scripting (XSS) vulnerability in the Host Aggregates interface in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-3 allows remote administrators to inject arbitrary web script or HTML via a new host aggregate name.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Three interviews on critical embedded systems and security, recorded at Black Hat 2014 in Las Vegas.