13 July 2017

INSA Proposes “FINnet” Information Sharing Program to Strengthen Financial Sector Cybersecurity

ARLINGTON, VA (June 21, 2017) – The real-time sharing of cyber threat data between government and key financial institutions would enhance the U.S. financial sector’s cybersecurity posture, according to a new position paper by the Intelligence and National Security Alliance (INSA). The report, prepared by INSA’s Financial Threats Task Force, proposes the establishment of a program for classified information sharing modeled on the Defense Industrial Base (DIB) Cybersecurity (CS) program, colloquially known as DIBnet. The white paper, FINnet: A Proposal to Enhance the Financial Sector’s Participation in Classified Cyber Threat Information Sharing, includes four recommendations for initial implementation and development.

“In our deliberations, the Task Force stressed the importance of establishing a system that strengthens public-private trust and enables government and industry to respond to financial threats in real time. This proposal is a crucial step toward protecting critical financial infrastructure against a sophisticated and rapidly evolving array of cyber threats,” said Rob Knake, one of the paper’s primary authors and the Whitney Shepardson senior fellow at the Council on Foreign Relations.

INSA recommends that members of the U.S. Intelligence Community (IC), the Department of Homeland Security (DHS), the Department of Treasury, the FBI, and the Secret Service launch a pilot program that initially includes the eight U.S.-chartered financial institutions named as “globally systemically important banks” by the Financial Stability Board (FSB). Partnering with these eight banks would demonstrate the value of the FINnet program to protecting vital financial institutions. The report also outlines a plan for expansion – potentially to the 22 FSB “systemically important” institutions – once value and confidence in the FINnet program are established.

Another recommendation is for the government to designate FINnet under the Cybersecurity Information Sharing Act (CISA), which would ensure that the financial institutions that participate are entitled to the full protections CISA offers, including liability protections and safeguards for privacy and civil liberties. Designation under CISA would allow the government to share classified cyber threat indicators and defensive measures in real time with the financial sector.

INSA recognizes that to enable robust classified information sharing, the financial sector must become better equipped to receive and store such information. INSA recommends the government develop a consistent and comprehensive strategy to help expand the cleared workforce within the financial sector. The strategy would include guidance to help private companies meet government requirements for protecting classified information without mandating changes to their operating structures.

INSA President Chuck Alsup said, “INSA works to share private sector expertise and experience to improve the efficiency of government. This white paper identifies a range of improvements which, if implemented, would enable the public and private sectors to share information and combat financial threats with a much greater level of trust and efficiency.”

With encouragement from several senior government officials and leaders in the financial services sector, INSA formed the Financial Threats Task Force to identify opportunities to provide a deeper understanding of the range of financial threats faced by both the public and private sectors, and to strengthen the cooperation between these sectors to mitigate threats.

About INSA 

The Intelligence and National Security Alliance (INSA) is the leading nonpartisan, nonprofit forum for driving public-private partnerships to advance intelligence and national security priorities. A 501(c)(6) membership organization, INSA strives to identify, develop, and promote collaborative approaches to national security challenges. INSA has more than 160 organizations in its membership and enjoys extensive participation from leaders and senior executives in the public, private, and academic sectors. Learn more at www.INSAonline.org.

About the INSA Financial Threats Task Force

The Financial Threats Task Force was established to discern the wide range of financial threats currently affecting the private and public sectors. The overall goal of the Task Force is to determine how to address illicit financial activity and help shape public policy as it relates to the commercial financial sector. The Financial Threats Task Force seeks to bring together and build better relationships with members of the private and public sectors to encourage information sharing and combat financial vulnerabilities such as money laundering, insider threat, threats to critical infrastructure, cybersecurity, and geopolitical threats.

No comments: