Ex-NSA boss Alexander joins bankers' CYBER WAR COUNCIL

And he's joined by a former Homeland Security secretary

Former NSA head Keith Alexander has been tapped up to advise a new cyber war council for government and financial institutions in the US, according to Bloomberg.

The biz news site has seen a proposal from the Securities Industry and Financial Markets Association (SIFMA) that suggests that the industry needs a committee of execs and officials from at least eight US agencies, including the NSA, the Treasury Department and the Department of Homeland Security, led by a White House official, to help it fend off cyber attacks.

SIFMA has apparently already brought Alexander on board to “facilitate” the council with the government. Alexander left the agency late last year and set up his own consultancy, IronNet Cybersecurity, which offers its services for as much as $1m a month, according to reports.

The former NSA director has, in turn, brought in another old face from around the water cooler for the council: Michael Chertoff, who used to be the US Secretary of Homeland Security, and his Chertoff Group.

According to the proposal document, SIFMA is hugely concerned about the financial industry’s dependence on critical infrastructure like the electric grid, which could be attacked online or in person, and does not have an optimistic view of institutions’ ability to stand up to cyber-criminals, terrorists or nation-states.

“The systemic consequences could well be devastating for the economy as the resulting loss of confidence in the security of individual and corporate savings and assets could trigger widespread runs on financial institutions that likely would extend well beyond the directly impacted banks, securities firms and asset managers,” the association wrote in the document, dated June 27.

“We are concerned that the industry may not have the capabilities that we would like to effectively defend against this newer form of potential attack (DDOS), the capability that we would like to stop such an attack once commenced from spreading to other financial institutions, or the capability we would like of effectively recovering if an initial attack is followed by waves of follow-on attacks.”

SIFMA said that although the government and industry already work together on cybersecurity, a council would allow for near real-time sharing of information and ways to protect against attacks if intelligence agencies know they’re coming. The association also wants to establish protocols for institutions to get government help during and after an attack.

The association did not respond to a request for comment from The Register and hasn’t confirmed the proposal, but members of Congress are already concerned about the possible war council. Alan Grayson (D-Fl) tweeted:

News of the proposal came just before the Senate Intelligence Committee approved the latest version of the bill on cybersecurity data-sharing. Despite concerns from privacy groups (and two of the opposing members of the committee) that the bill doesn’t do enough to protect privacy and civil liberties, the bill went through in a 12-3 vote.

The Cybersecurity Information Sharing Act (CISA) provides for businesses to share data with the government in an effort to repel and prevent online attacks. As it stands, firms can strip out personally identifiable info from the data they share, but only if they have evidence that the user is a US citizen and isn’t involved in a cyber threat.

The government isn’t just looking for information on infrastructure threats. It could also collect data for terms of service violations, the prosecution of identity theft, aiding prosecutions under the Espionage Act, or even to find the identity of whistleblowers.

The legislation still has to face a vote in the full Senate and needs to be reconciled with CISPA, the bill it is intended to replace. The White House has made noises about disliking the privacy implications of the bill, but it’s unclear if President Obama feels strongly enough to veto the legislation if it makes it through. ®
