Feds Invest In Info-Sharing Center For Financial Industry Security

They'll spend $2 million to create a next-generation financial-services information-sharing and -analysis center to help the industry protect its IT infrastructure.
The federal government will spend $2 million to create what Treasury Secretary John Snow calls a next-generation information-sharing and -analysis center to help the financial-services industry protect its technology infrastructure from physical and cyberthreats.

"At the heart of our ability to protect our financial system from attack or disruption is the sharing of information between government and the private sector, as well as information sharing among individual financial institutions," Snow said in a statement Tuesday announcing the $2 million contract with the Financial Services Information Sharing and Analysis Center. It encompasses a secure database, analytic tools, and information-gathering and -distribution facilities designed to allow authorized individuals to submit either anonymous or attributed reports about information-security threats, vulnerabilities, incidents, and solutions. "The next-generation FS-ISAC will provide real-time, accurate information about emerging physical and cyberthreats to the entire financial community in a confidential and secure manner."

Specifically, the $2 million will:

• Transform the existing Financial Services Information Sharing and Analysis Center from a technology platform that serves approximately 80 financial institutions to one that serves the entire 30,000-institution financial sector--including banks, credit unions, securities firms, insurance companies, commodity futures merchants, exchanges, and others.

• Provide a secure, confidential forum for financial institutions to share information as they respond in real time to particular threats.

• Add information about physical threats to the cyberthreat information that the FS-ISAC disseminates.

• Incorporate an advance notification service that will tell member financial institutions of threats. The primary means of notification will be the Internet. If, however, Internet traffic is disrupted, the notification will be by other means, such as telephone calls and faxes.

• Integrate 16 quantitative measures to let center and Treasury Department leaders assess the center's performance and the state of information sharing within the industry in response to particular threats.

This $2 million contract is a onetime expenditure to upgrade the technology supporting the center. Treasury officials, based on extensive market research, project that by the fall of 2005, the center can be funded entirely by membership fees paid by the private sector.

The next-generation center has four membership levels, depending upon the services provided. The most basic membership level is free. The three other levels are priced at $750, $10,000, and $50,000. Financial institutions interested in learning more can do so at

Editor's Choice
Brian T. Horowitz, Contributing Reporter
Samuel Greengard, Contributing Reporter
Nathan Eddy, Freelance Writer
Brandon Taylor, Digital Editorial Program Manager
Jessica Davis, Senior Editor
Cynthia Harvey, Freelance Journalist, InformationWeek
Sara Peters, Editor-in-Chief, InformationWeek / Network Computing