Critical Infrastructure Protection: Efforts of the Financial Services Sector to Address Cyber Threats
Highlights
Since 1998, the federal government has taken steps to protect the nation's critical infrastructures, including developing partnerships between the public and private sectors. These cyber and physical public and private infrastructures, which include the financial services sector, are essential to national security, economic security, and/or public health and safety. GAO was asked to review (1) the general nature of the cyber threats faced by the financial services industry; (2) steps the financial services industry has taken to share information on and to address threats, vulnerabilities, and incidents; (3) the relationship between government and private sector efforts to protect the financial services industry's critical infrastructures; and (4) actions financial regulators have taken to address these cyber threats.
Recommendations
Recommendations for Executive Action
Agency Affected | Recommendation | Status |
---|---|---|
Department of the Treasury | To improve the likelihood of success of the financial services sector's Critical Infrastructure Protection efforts, the Secretary of the Treasury should direct the Assistant Secretary for Financial Institutions, the banking and finance sector liaison, to coordinate with the industry in its efforts to update the sector's National Strategy for Critical Infrastructure Assurance and in establishing interim objectives, detailed tasks, timeframes, and responsibilities for implementing it and a process for monitoring progress. As part of these efforts, the Assistant Secretary should assess the need for grants, tax incentives, regulation, or other public policy tools to assist the industry in meeting its goals. | Closed – Implemented. (1a) The agency, in close collaboration with various organizations within the Banking and Finance sector, developed a Sector Specific Plan (SSP). Published in December 2006, the SSP contains the Banking and Finance Sector's strategy for working collaboratively with public and private sector partners to identify, prioritize, and coordinate the protection of critical infrastructure. This SSP established objectives, tasks, timeframes, and responsibilities for protecting the banking and finance infrastructure and is to be continually updated. (1b) Additionally, in order to provide incentives for enhanced security, Treasury's Office of Critical Infrastructure Protection and Compliance Policy (CIP&CP) has been working with organizations within the Banking and Finance Sector to assess vulnerabilities and highlight areas for improvement. As part of this effort, CIP&CP has created a research and development agenda (R&D Agenda) aimed at improving both the state-of-the-art in Critical Infrastructure Protection (CIP) as well as the state-of-the-practice as it relates to this sector of the economy. The Agenda's overall goal is to support research and development activities and process improvements that will raise the overall level of the sector's preparedness and resiliency as well as the individual level at each institution. |