The largest and most important banks, those designated by the Department of Homeland Security as critical to the U.S. financial system, have a new forum for working together on cyberthreats, they said Monday.
The Financial Systemic Analysis and Resilience Center, or FSARC, is being launched by eight large U.S. banks — Bank of America, BNY Mellon, Citigroup, Goldman Sachs, JPMorgan Chase, Morgan Stanley, State Street and Wells Fargo — according to an announcement Monday.
“We are advancing the state of the [cyberthreat information-sharing] art, this is a major enhancement to what we’re doing” collaborating on cybersecurity issues, explained John Carlson, chief of staff at the Financial Services Information Sharing and Analysis Center, or FS-ISAC.
FS-ISAC stood up the center and will provide infrastructure for it initially, said Carlson. For instance, the FS-ISAC secure internet portal will probably be used to distribute FSARC materials, because “We’re making a very conscious effort to make sure the products will be distributed to the whole FS-ISAC membership,” Carlson said. But he added that the center has its own membership criteria, and will be self-funding and -governing.
The center has three objectives, explained Carlson:
- To “enhance information sharing amongst firms that have been designated [by DHS] as being especially critical to the banking system.” This isn’t the same as the “systemically important” designation under the post-crash Dodd-Frank reforms.
- To improve the quality and quantity of available analysis of systemic cyber risk “across financial products and practices” — making it “deeper and better.”
- To deepen the collaboration between the largest banks “and with their government partners, especially in the area of combatting cybercrime.”
“We expect other institutions” designated by DHS “will join” the center, in addition to the eight founder members, Carlson said. All those eight banks received notice earlier this year that they had been designated by DHS under the provisions of President Barack Obama’s Feb. 2013 executive order as “critical infrastructure where a cybersecurity incident could reasonably result in catastrophic regional or national effects on public health or safety, economic security, or national security.”
“That was a contributing factor to the decision” to set the center up, said Carlson. He said the center was looking for premises in Arlington as a headquarters. Bank of America’s Senior Vice President for Global Cybersecurity Public Policy Siobhan MacDermott and JPMorgan Managing Director Greg Rattray will serve as interim co-presidents of the center until it reaches full operational capability, the announcement said.