Cyber Threats and Security Solutions
By Charles Blauner, Global Head of Information Security May 24, 2013 11:03 AM
I was honored to testify this week before the House of Representatives Energy and Commerce Committee hearing on Cyber Threats and Security Solutions. Cybersecurity is a critical issue for Citi - one that we grapple with daily. Online criminals and nation state actors continue to develop new and clever ways to infiltrate our systems and infrastructure. Thus, Citi has invested an enormous amount of time, energy and resources to adapt to the changing internet landscape.
I commend the U.S. Government for also making cybersecurity a top priority. The House recently passed key legislation that, if enacted, will greatly facilitate information sharing regarding the threats to our nation's critical infrastructures. In addition, the Administration issued an executive order providing important direction to enhance cybersecurity protections.
My testimony focused on three key areas:
Partnership: The public-private partnership between the government and the financial services sector has been critical to protecting firms against cyber threats. The most recent example of our collaboration is the unified response to cyber attacks that have targeted the U.S. financial services sector since September, 2012. This partnership has allowed for real-time collaboration on measures to mitigate the attacks and provided a forum to request and acquire specific governmental technical assistance. This ongoing partnership is imperative, and we have pledged to continue collaborating to further our mutual goals.
Framework: The U.S. Department of Commerce's National Institute of Standards and Technology (NIST) is working to develop and implement a Cybersecurity Framework. We firmly believe this framework must leverage existing standards, regulations, and processes, such as those in place under the Gramm-Leach-Bliley Act of 1999. Failing to leverage complementary, existing standards will result in redundant audit requirements that become an exercise in compliance rather than an enhancement of cybersecurity.
Information Sharing: Timely and trusted information sharing is key to cybersecurity protection, and it is critical that we see an increase in the volume, timeliness, and quality of threat information shared by U.S. law enforcement and intelligence agencies with private sector entities. We need our government partners to expedite the processing of security clearances, and to declassify and more broadly disseminate threat information critical to enhancing our nation's ability to protect itself from cyber threats. Finally, there is a need for increased research and development coupled with the creation of a skilled cybersecurity workforce that is up to the task of defending us against today's and tomorrow's threats.
Together, Citi, our peer banks, and the government can create tools and defenses that help banks of all sizes cope with cyber threats. We remain committed to working with Congress and the Administration toward our mutual goal of protecting our nation's critical infrastructure. Please visit the Committee's website to learn more and read my full testimony: https://energycommerce.house.gov/hearing/cyber-threats-and-security-solutions.