Feeds

Ex-NSA boss Alexander joins bankers' CYBER WAR COUNCIL

And he's joined by a former Homeland Security secretary

Beginner's guide to SSL certificates

Former NSA head Keith Alexander has been tapped up to advise a new cyber war council for government and financial institutions in the US, according to Bloomberg.

The biz news site has seen a proposal from the Securities Industry and Financial Markets Association (SIFMA) that suggests that the industry needs a committee of execs and officials from at least eight US agencies, including the NSA, the Treasury Department and the Department of Homeland Security, led by a White House official, to help it fend off cyber attacks.

SIFMA has apparently already brought Alexander on board to “facilitate” the council with the government. Alexander left the agency late last year and set up his own consultancy, IronNet Cybersecurity, which offers its services for as much as $1m a month, according to reports.

The former NSA director has, in turn, brought in another old face from around the water cooler for the council: Michael Chertoff, who used to be the US Secretary of Homeland Security, and his Chertoff Group.

According to the proposal document, SIFMA is hugely concerned about the financial industry’s dependence on critical infrastructure like the electric grid, which could be attacked online or in person, and does not have an optimistic view of institutions’ ability to stand up to cyber-criminals, terrorists or nation-states.

“The systemic consequences could well be devastating for the economy as the resulting loss of confidence in the security of individual and corporate savings and assets could trigger widespread runs on financial institutions that likely would extend well beyond the directly impacted banks, securities firms and asset managers,” the association wrote in the document, dated June 27.

“We are concerned that the industry may not have the capabilities that we would like to effectively defend against this newer form of potential attack (DDOS), the capability that we would like to stop such an attack once commenced from spreading to other financial institutions, or the capability we would like of effectively recovering if an initial attack is followed by waves of follow-on attacks.”

SIFMA said that although the government and industry already work together on cybersecurity, a council would allow for near real-time sharing of information and ways to protect against attacks if intelligence agencies know they’re coming. The association also wants to establish protocols for institutions to get government help during and after an attack.

The association did not respond to a request for comment from The Register and hasn’t confirmed the proposal, but members of Congress are already concerned about the possible war council. Alan Grayson (D-Fl) tweeted:

News of the proposal came just before the Senate Intelligence Committee approved the latest version of the bill on cybersecurity data-sharing. Despite concerns from privacy groups (and two of the opposing members of the committee) that the bill doesn’t do enough to protect privacy and civil liberties, the bill went through in a 12-3 vote.

The Cybersecurity Information Sharing Act (CISA) provides for businesses to share data with the government in an effort to repel and prevent online attacks. As it stands, firms can strip out personally identifiable info from the data they share, but only if they have evidence that the user is a US citizen and isn’t involved in a cyber threat.

The government isn’t just looking for information on infrastructure threats. It could also collect data for terms of service violations, the prosecution of identity theft, aiding prosecutions under the Espionage Act, or even to find the identity of whistleblowers.

The legislation still has to face a vote in the full Senate and needs to be reconciled with CISPA, the bill it is intended to replace. The White House has made noises about disliking the privacy implications of the bill, but it’s unclear if President Obama feels strongly enough to veto the legislation if it makes it through. ®

Protecting users from Firesheep and other Sidejacking attacks with SSL

More from The Register

next story
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
Early result from Scots indyref vote? NAW, Jimmy - it's a SCAM
Anyone claiming to know before tomorrow is telling porkies
Jihadi terrorists DIDN'T encrypt their comms 'cos of Snowden leaks
Intel bods' analysis concludes 'no significant change' after whistle was blown
Israeli spies rebel over mass-snooping on innocent Palestinians
'Disciplinary treatment will be sharp and clear' vow spy-chiefs
TOR users become FBI's No.1 hacking target after legal power grab
Be afeared, me hearties, these scoundrels be spying our signals
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
China hacked US Army transport orgs TWENTY TIMES in ONE YEAR
FBI et al knew of nine hacks - but didn't tell TRANSCOM
Microsoft to patch ASP.NET mess even if you don't
We know what's good for you, because we made the mess says Redmond
NORKS ban Wi-Fi and satellite internet at embassies
Crackdown on tardy diplomatic sysadmins providing accidental unfiltered internet access
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Protecting users from Firesheep and other Sidejacking attacks with SSL
Discussing the vulnerabilities inherent in Wi-Fi networks, and how using TLS/SSL for your entire site will assure security.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.