Ex-NSA boss Alexander joins bankers' CYBER WAR COUNCIL

And he's joined by a former Homeland Security secretary

Former NSA head Keith Alexander has been tapped up to advise a new cyber war council for government and financial institutions in the US, according to Bloomberg.

The biz news site has seen a proposal from the Securities Industry and Financial Markets Association (SIFMA) that suggests that the industry needs a committee of execs and officials from at least eight US agencies, including the NSA, the Treasury Department and the Department of Homeland Security, led by a White House official, to help it fend off cyber attacks.

SIFMA has apparently already brought Alexander on board to “facilitate” the council with the government. Alexander left the agency late last year and set up his own consultancy, IronNet Cybersecurity, which offers its services for as much as $1m a month, according to reports.

The former NSA director has, in turn, brought in another old face from around the water cooler for the council: Michael Chertoff, who used to be the US Secretary of Homeland Security, and his Chertoff Group.

According to the proposal document, SIFMA is hugely concerned about the financial industry’s dependence on critical infrastructure like the electric grid, which could be attacked online or in person, and does not have an optimistic view of institutions’ ability to stand up to cyber-criminals, terrorists or nation-states.

“The systemic consequences could well be devastating for the economy as the resulting loss of confidence in the security of individual and corporate savings and assets could trigger widespread runs on financial institutions that likely would extend well beyond the directly impacted banks, securities firms and asset managers,” the association wrote in the document, dated June 27.

“We are concerned that the industry may not have the capabilities that we would like to effectively defend against this newer form of potential attack (DDOS), the capability that we would like to stop such an attack once commenced from spreading to other financial institutions, or the capability we would like of effectively recovering if an initial attack is followed by waves of follow-on attacks.”

SIFMA said that although the government and industry already work together on cybersecurity, a council would allow for near real-time sharing of information and ways to protect against attacks if intelligence agencies know they’re coming. The association also wants to establish protocols for institutions to get government help during and after an attack.

The association did not respond to a request for comment from The Register and hasn’t confirmed the proposal, but members of Congress are already concerned about the possible war council. Alan Grayson (D-Fl) tweeted:

News of the proposal came just before the Senate Intelligence Committee approved the latest version of the bill on cybersecurity data-sharing. Despite concerns from privacy groups (and two of the opposing members of the committee) that the bill doesn’t do enough to protect privacy and civil liberties, the bill went through in a 12-3 vote.

The Cybersecurity Information Sharing Act (CISA) provides for businesses to share data with the government in an effort to repel and prevent online attacks. As it stands, firms can strip out personally identifiable info from the data they share, but only if they have evidence that the user is a US citizen and isn’t involved in a cyber threat.

The government isn’t just looking for information on infrastructure threats. It could also collect data for terms of service violations, the prosecution of identity theft, aiding prosecutions under the Espionage Act, or even to find the identity of whistleblowers.

The legislation still has to face a vote in the full Senate and needs to be reconciled with CISPA, the bill it is intended to replace. The White House has made noises about disliking the privacy implications of the bill, but it’s unclear if President Obama feels strongly enough to veto the legislation if it makes it through. ®
