Cybersecurity Leaders Stress Information Sharing and Collaboration with Government Partners

Cybersecurity thought leaders highlighted threats to the financial services sector at SIFMA’s 2015 Annual Meeting, The Capital Markets Conference, emphasizing the importance of cross-industry and cross-government collaboration and information sharing.

“I think we’re at this moment when people want to make sure they’re doing the right thing” said Gregory Rattray, Director of Global Cyber Partnerships and Government Strategy at JPMorgan Chase. “The ecosystem is challenging. We need to work on that as a sort of whole body — firms, regulators, other government agencies, the technology industry all need to focus on making it a more difficult environment for adversarial behavior,” he said. Rattray noted that firms’ managements need to understand the value of collaboration on this important matter.

“The firms and the industry are partnering ever more effectively with government,” he added. In order to ensure that this is “an effective partnership,” the industry needs to make sure that when firms are unable to deter adversaries from attacks, the government can step in as a partner.

In that regard, Matthew Chung, Managing Director and Chief Information Officer of Technology & Information Risk at Morgan Stanley, said that “regulators have shown a very keen interest in the cybersecurity topic,” but noted that there can be more “convergence” on what regulators are doing to address the issue.

Similarly, Rattray noted the need to streamline regulatory efforts. “The thing that we’d like to work on with the regulators is moving to this common approach so that when we’re answering questions and providing information, that we structure that so it isn’t different every time we engage,” he said.

Both Chung and Rattray highlighted the ‘cybersecurity assessment tool‘ released by the Federal Financial Institutions Examination Council (FFIEC) this year as an example of this kind of structure, but further refinements are required prior to broad application.

“We think it’s a good basis for building programs and it would useful if the oversight of our programs leveraged something that was common across the regulatory efforts,” Rattray explained.

Speaking at the SIFMA Annual Meeting earlier in the day, Treasury Secretary Lew likewise stressed the importance of “employing best practices, of sharing information so that we can have our safeguards be at the maximum level and staying ahead.”

Lew applauded the Senate and House for passing “important” legislation – The Cybersecurity Information Sharing Act (CISA) — that would take down the barriers to information sharing on cybersecurity. “One of the things we know is that if a firm that has been breached shared that information, others can defend against a similar breach and you can detect a pattern that you wouldn’t see if you just looked individually at one  firm or another,” Lew said.

Lew further thanked SIFMA for its work on this issue as well. “We have worked closely with SIFMA over the years on this issue and I applaud SIFMA for its leadership on both taking this challenge seriously and bringing the actors together to have a conversation.”

 

Visit SIFMA’s Cybersecurity Resource Center at www.sifma.org/cybersecurity.

Karl Schimmeck
Managing Director of Financial Services Operations
SIFMA