Treasury Notes

 Working Together to Improve Cybersecurity

By: Amias Gerety

In our interconnected world, cybersecurity is reliant upon our working together with strong communication and cooperation. At Treasury, we believe that this kind of teamwork is fundamental to confronting the cybersecurity risks that our nation faces and we work with partners across the government and the financial sector on this important issue. For instance, today I spoke to members of the Credit Union National Association about this important shared responsibility. By collaboratively sharing information about malicious cyber activity, affected parties can help to ensure that that incidents impacting one organization do not also affect another.
President Obama signed an Executive Order at Stanford University last month that encourages and promotes the sharing of cybersecurity threat information within the private sector and between the private sector and government. It empowers private sector companies and entities to form cooperative information sharing organizations. By assembling into these collectives, companies that face similar threats or operate similar IT systems can work together more efficiently.
We’ve seen this kind of coordination be successful in the past. Starting in 2012, there was a string of cyber attacks at major U.S. banks. These Distributed-Denial-of-Service (DDoS) attacks were designed to bring down the banks’ websites by flooding their routers and servers with web traffic. By aggressively and expeditiously sharing information among governmental and private sector partners, the financial services sector was able to mitigate many of the worst impacts of the DDoS attacks.
Government and the private sector both have key roles to play in cybersecurity information sharing. For instance, the government can collect law enforcement and intelligence information about cyber threats that is unavailable to the private sector. To ensure that financial institutions receive the greatest benefit from these insights, last year Treasury created the Financial Sector Cyber Intelligence Group (CIG), a specialized team of analysts with expertise in financial services, cybersecurity, and intelligence analysis. The CIG’s primary function is to distribute timely and actionable information and analysis that financial institutions can use to protect themselves from cyber attacks.  The CIG’s work focuses mostly on sharing unclassified information, because this is often the most useful for network defense, but it also coordinates the appropriate sharing of classified information with cleared members of the financial sector in order to provide critical context on cyber threats.
At the same time, only private companies know what malicious cyber activity is impacting their IT networks. Coordinating public and private sector perspectives and resources effectively is the only way to build a comprehensive picture of the cyber threats we face and to protect against them. The President’s Executive Order will help encourage enhanced information sharing between the public and private sectors at large.
To support the President’s initiative, Treasury will assist the Department of Homeland Security (DHS) in its efforts to promote the creation of Information Sharing and Analysis Organizations (ISAOs) and to develop voluntary standards for how they function. We have experienced first-hand the success of this model through the industry-led Financial Sector Information Sharing and Analysis Center (FS-ISAC), which works closely with Treasury and acts as a central hub for the sharing of cyber threat information to over five thousand firms within the financial sector.
To further improve the speed and utility of information sharing, Treasury is working closely with the FS-ISAC and DHS to advance efforts to automate the information sharing process. These efforts will allow organizations to automatically generate machine-readable reports and share them with trusted partners who can process the information and rapidly take action to protect against similar threats. To support the efforts of the sector and better protect its own networks, Treasury is now sharing cyber threat indicators in the Structured Threat Information Expression (STIX) format, which enhances the value of this information by accelerating the process by which it is shared and utilized.
While these are meaningful steps towards enhancing our Nation’s cyber resilience and security, the cybersecurity challenges we face would also benefit from congressional action. In addition to issuing the Executive Order, the President recently proposed legislation that, if passed, would further enhance information sharing while also bolstering consumer protections and law enforcement capabilities. 
The cybersecurity threats we face are persistent and increasingly pernicious.  They will require continual vigilance and the ability to anticipate ever more sophisticated approaches.  By remaining coordinated and working together, joint public-private initiatives are our best defense against the malevolent efforts of individual actors, thereby protecting the stability of the financial system and the interests of American citizens.
Amias Gerety is the Acting Assistant Secretary for Financial Institutions at the U.S. Treasury Department.
Posted in:  Cybersecurity
Bookmark and Share