The Banking and Finance Sector accounts for more than 8 percent of the U.S. annual gross domestic product and is the backbone for the world economy. As direct attacks and public statements by terrorist organizations demonstrate, the sector is a high value and symbolic target. Additionally, large-scale power outages, recent natural disasters, and a possible flu pandemic demonstrate the wide range of potential threats facing the sector. With this understanding, financial regulators and private sector owners and operators work collaboratively to maintain a high degree of resilience in the face of a myriad of potential disasters, be they intentional or unintentional, manmade or natural. This collaboration has led to a comprehensive framework for a strong public private sector partnership. This partnership has developed several programs that currently provide protection and crisis management, which are continuously improving.
Working through this public-private partnership, the Department of the Treasury, as the Sector-Specific Agency (SSA) for the Banking and Finance Sector, has developed this Sector-Specific Plan (SSP) in close collaboration with the Financial and Banking Information Infrastructure Committee (FBIIC) and the Financial Services Sector Coordinating Council for Critical Infrastructure Protection and Homeland Security (FSSCC).
This SSP, along with the SSPs from the 16 other critical infrastructures identified in Homeland Security Presidential Directive 7 (HSPD-7), are part of the overall National Infrastructure Protection Plan (NIPP). This SSP contains the Banking and Finance Sector’s strategy for working collaboratively with public and private sector partners to identify, prioritize, and coordinate the protection of critical infrastructure. This SSP also summarizes the extensive activities the sector has undertaken already to reduce vulnerabilities and share information.
Contents
Executive Summary
- 1. Sector Profile and Goals
2. Identify Assets, Systems, Networks, and Functions
3. Assess Risks
4. Prioritize Infrastructure
5. Develop and Implement Protective Programs
6. Measure Progress
7. CI/KR Protection Research & Development (R&D)
8. Managing and Coordinating SSA Responsibilities
Introduction
1. Sector Profile and Goals
- 1.1 Sector Profile
1.1.1 Deposit, Consumer Credit, and Payment Systems Products
1.1.2 Credit and Liquidity Products
1.1.3 Investment Products
1.1.4 Risk Transfer Products (Including Insurance)
1.1.5 Federal and Self Regulation of Financial Services Firms
1.1.6 State Regulation of Financial Services Firms
1.2 Security Partners
- 1.2.1 Relationships with Federal and State Regulators and Related Associations
1.2.2 Relationships with Private Sector Owner/Operators and Organizations
1.3 Sector Security Goals
1.4 Value Proposition
2. Identify Assets, Systems, Networks, and Functions
2.1 Defining Information Parameters
2.2 Collecting Infrastructure Information
- 2.2.1 Deposit and Payment System Products
2.2.2 Credit and Liquidity Products
2.2.3 Investment Products
2.2.4 Risk Transfer Products
2.2.5 Collecting Asset Data
2.3 Verifying Infrastructure Information
2.4 Updating Infrastructure Information
3. Assess Risks
- 3.1 Use of Risk Assessment in the Sector
3.2 Screening Infrastructure
3.3 Assessing Consequences
3.4 Assessing Vulnerabilities
3.5 Assessing Threats
4. Prioritize Infrastructure
5. Develop and Implement Protective Programs
- 5.1 Overview of Sector Protective Programs
5.2 Determining Protective Program Needs
5.3 Protective Program Implementation Going Forward
5.4 Protective Program Performance
6. Measure Progress
6.1 CI/KR Performance Measurement
- 6.1.1 Developing Sector Specific Metrics
6.1.2 Information Collection and Verification
6.1.3 Reporting
6.2 Implementation Actions
6.3 Challenges and Continuous Improvement
7. CI/KR Protection R&D
- 7.1 Overview of Sector R&D
7.2 Sector R&D Requirements
7.3 Sector R&D Plan
7.4 R&D Management Processes
8. Manage and Coordinate SSA Responsibilities
8.1 Program Management Approach
8.2 Process and Responsibilities
- 8.2.1 SSP Maintenance and Update
8.2.2 Annual Reporting
8.2.3 Training and Education
8.3 Implementing the Sector Partnership Model
8.4 Information Sharing and Protection
Appendix 1: List of Acronyms and Abbreviations
- Appendix 2: Statutory Authorities
Federal Regulators
State Regulators
Guidance and Key Documents: Federal Regulators
Guidance and Key Documents: State Regulators
Appendix 3: FSSCC Research and Development Agenda
List of Figures
Figure E-1. Vision Statement for the Banking and Finance Sector
Figure 1-1. FBIIC Members
Figure 1-2. FSSCC Members
Figure 1-3. Regional Partnerships
Figure 1-4. Locations of Regional Partnerships
Figure 1-5. Vision Statement for the Banking and Finance Sector
Figure 2-1. Vulnerability Assessment Methodology
Figure 3-1. Vulnerability Assessment Methodology
Figure 3-2. Dependent Relationships
Figure 4-1. Vulnerability Assessment Methodology
Figure 5-1. Vulnerability Assessment Methodology
Figure 6-1. Vulnerability Assessment Methodology
Figure 8-1. Information Flow
List of Tables
Table 6-1. Implementation Actions
Table A-1. Comparison Matrix: FSSCC R&D Challenges vs. NIPP R&D Themes
Download
PDF Ebook Banking and Finance
