Förderverein Informationstechnik und Gesellschaft

IP: Nation's banks create private computer security system

------- Forwarded message follows ------- Date sent: Fri, 1 Oct 1999 22:41:04 -0400 To:, Digital Bearer Settlement List <>, From: Robert Hettinga <> Subject: IP: Nation's banks create private computer security system

--- begin forwarded text

Date: 1 Oct 99 19:13:56 EDT From: ROBERT HARPER <> To: Ignition Point <> Subject: IP: Nation's banks create private computer security system Sender: Reply-To: ROBERT HARPER <>

Nation's banks create private computer security system 6.33 p.m. ET (2240 GMT) October 1, 1999

By Ted Bridis, Associated Press

WASHINGTON (AP) - The nation's banking industry has quietly wired itself a $1.5 million private computer network to share information anonymously about electronic threats from rogue employees, software bugs, viruses and hackers, the Treasury Department said Friday.

The Financial Services Information Sharing and Analysis Center is the result of orders from President Clinton to better protect America's most important industries from cyber attacks. It's in a secret location known to only about a half-dozen people, but it's believed to be nestled among a corridor of high-tech firms in northern Virginia.

Similar centers are planned in the coming months for seven other industries, including telecommunications, oil and gas, electrical power, transportation and America's water supply system.

This summer, the White House announced its plan to create a government-wide security network to protect its most important nonmilitary computers.

"New threats call for new types of solutions,'' said Treasury Secretary Lawrence Summers, adding that banking officials need to learn about viruses and malicious software that disguises itself as innocuous code.

Only licensed banks and other government-regulated financial firms that become subscribers will be able to exchange information or tap into this network's details of known security threats. Urgent alerts will be sent by e-mail, pager and cellular phones to a bank's experts - who will pay $13,000 to $125,000, depending on how many employees are using it.

"Every day, everywhere, people are trying to break into financial institutions - and sometimes from within financial institutions - trying to take money they're not authorized to have,'' said Kawika Daguio, vice president of the Washington-based Financial Information Protection Association.

Names and other identifying details will be stripped from submissions to ensure anonymity and encourage honesty - and partly so rival banks don't misuse the information and regulators can never know a specific financial institution was having problems.

"Once we demonstrated that you could have an anonymous capability so you can't trace it, most institutions stood up immediately and said, `Let's go do this,''' said Bill Marlow, executive vice president for Global Integrity, the consulting company in Reston, Va., that built the center.

Organizers said 16 financial institutions - with a total of $4.5 trillion in assets among them - have so far joined the network, with 500 to 1,000 more expected to join in the next 18 months.

One of the center's greatest strengths, say organizers, will be its ability to notice trends: A report by one bank of a hacker sniffing around its network becomes more onerous if dozens of other banks also report noticing exactly the same technique.

"Not a day goes by without seeing alerts about security, vulnerabilities in the products we use or news stories about Internet sites being compromised,'' said Steve Katz of Citigroup Inc., the center's coordinator. "What might appear to any one company as a random event might be more significant if looked at in the aggregate.''

Although the Treasury Department helped organize the center, government leaders said U.S. agencies won't eavesdrop on the threat information disclosed by banks. However, the government will volunteer details about security problems through the FBI's National Infrastructure Protection Center.

"If they choose to give information to the government, that's nice,'' said Richard Clarke of the National Security Council. "The government, however, will share information with them ... both classified and non-classified information.''

____________________________________________________________________ Get free email and a permanent address at

********************************************** To subscribe or unsubscribe, email: with the message: (un)subscribe ignition-point email@address ********************************************** <> **********************************************

--- end forwarded text

----------------- Robert A. Hettinga <mailto:> The Internet Bearer Underwriting Corporation <> 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

------- End of forwarded message -------