Feeds

Ex-NSA boss Alexander joins bankers' CYBER WAR COUNCIL

And he's joined by a former Homeland Security secretary

Beginner's guide to SSL certificates

Former NSA head Keith Alexander has been tapped up to advise a new cyber war council for government and financial institutions in the US, according to Bloomberg.

The biz news site has seen a proposal from the Securities Industry and Financial Markets Association (SIFMA) that suggests that the industry needs a committee of execs and officials from at least eight US agencies, including the NSA, the Treasury Department and the Department of Homeland Security, led by a White House official, to help it fend off cyber attacks.

SIFMA has apparently already brought Alexander on board to “facilitate” the council with the government. Alexander left the agency late last year and set up his own consultancy, IronNet Cybersecurity, which offers its services for as much as $1m a month, according to reports.

The former NSA director has, in turn, brought in another old face from around the water cooler for the council: Michael Chertoff, who used to be the US Secretary of Homeland Security, and his Chertoff Group.

According to the proposal document, SIFMA is hugely concerned about the financial industry’s dependence on critical infrastructure like the electric grid, which could be attacked online or in person, and does not have an optimistic view of institutions’ ability to stand up to cyber-criminals, terrorists or nation-states.

“The systemic consequences could well be devastating for the economy as the resulting loss of confidence in the security of individual and corporate savings and assets could trigger widespread runs on financial institutions that likely would extend well beyond the directly impacted banks, securities firms and asset managers,” the association wrote in the document, dated June 27.

“We are concerned that the industry may not have the capabilities that we would like to effectively defend against this newer form of potential attack (DDOS), the capability that we would like to stop such an attack once commenced from spreading to other financial institutions, or the capability we would like of effectively recovering if an initial attack is followed by waves of follow-on attacks.”

SIFMA said that although the government and industry already work together on cybersecurity, a council would allow for near real-time sharing of information and ways to protect against attacks if intelligence agencies know they’re coming. The association also wants to establish protocols for institutions to get government help during and after an attack.

The association did not respond to a request for comment from The Register and hasn’t confirmed the proposal, but members of Congress are already concerned about the possible war council. Alan Grayson (D-Fl) tweeted:

News of the proposal came just before the Senate Intelligence Committee approved the latest version of the bill on cybersecurity data-sharing. Despite concerns from privacy groups (and two of the opposing members of the committee) that the bill doesn’t do enough to protect privacy and civil liberties, the bill went through in a 12-3 vote.

The Cybersecurity Information Sharing Act (CISA) provides for businesses to share data with the government in an effort to repel and prevent online attacks. As it stands, firms can strip out personally identifiable info from the data they share, but only if they have evidence that the user is a US citizen and isn’t involved in a cyber threat.

The government isn’t just looking for information on infrastructure threats. It could also collect data for terms of service violations, the prosecution of identity theft, aiding prosecutions under the Espionage Act, or even to find the identity of whistleblowers.

The legislation still has to face a vote in the full Senate and needs to be reconciled with CISPA, the bill it is intended to replace. The White House has made noises about disliking the privacy implications of the bill, but it’s unclear if President Obama feels strongly enough to veto the legislation if it makes it through. ®

Beginner's guide to SSL certificates

More from The Register

next story
Webcam hacker pervs in MASS HOME INVASION
You thought you were all alone? Nope – change your password, says ICO
You really need to do some tech support for Aunty Agnes
Free anti-virus software, expires, stops updating and p0wns the world
USB coding anarchy: Consider all sticks licked
Thumb drive design ruled by almighty buck
Attack reveals 81 percent of Tor users but admins call for calm
Cisco Netflow a handy tool for cheapskate attackers
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
prev story

Whitepapers

Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Internet Security Threat Report 2014
An overview and analysis of the year in global threat activity: identify, analyze, and provide commentary on emerging trends in the dynamic threat landscape.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.