Viewpoint: Defining and Designing the New Security
American Banker | Friday, September 22, 2006
When BITS was founded by leading financial services CEOs in 1996, we were focused on the sweeping change brought on by the Internet and e-commerce.
We were forward-thinking and innovative. We thought we understood the scope of the changes the years would bring. We knew security would remain our foundation, in both the physical and the virtual world.
We could not have anticipated that a decade later, September would remind us of the losses we suffered on a day when our industry became a target of a physical attack the likes of which our nation had never seen.
We remember alarm. We remember disbelief. We remember television screens and photographs. We remember phone calls that told us our friends and family were safe - or that they were not.
Security is woven into the fabric of our industry. It is in the brick and mortar we use to erect our buildings. It is in the circuits and fiber we use to create our technologies. It is in our handshakes when we sign on to new business ventures. Security of customer information and transactions, security of our employees, and security of our physical infrastructures are nothing less than everything to us.
On Sept. 11 our industry fared well. Our infrastructure held. We proved our financial institutions were worthy of the trust of our customers, the nation, and the world. We proved we understood that word, security.
Until that day, though, we had not come face to face with the depth and breadth of security. The meaning of the word changed on that day forever.
That is when we became acquainted with what I call the new security.
One critical aspect of the new security that came into sharp relief on Sept. 11 is our sector's dependence on other critical infrastructures. We certainly can be proud of our strength, but it means little if the other infrastructures on which we rely, particularly telecommunications and energy, are vulnerable.
After Sept. 11, BITS worked to identify and mitigate vulnerabilities in these other sectors, as well as our own, and to enhance the recoverability of financial services in the event of a crisis.
What we've seen since then is nothing short of unprecedented cooperation. We've worked with CEOs of some of the nation's most powerful companies to mitigate unacceptable risks. We've talked frankly about our own strengths and weaknesses, and how together we can best assure diversity, recoverability, redundancy, and resiliency. We've agreed on best practices - practices that reflect today's heightened risks.
Cooperation is the new security.
What else have we learned? We've seen that when physical disaster occurs, it tends to be contained in one geographic area. The new security means financial services firms located in close geographic proximity should work together on business continuity.
In 2003, BITS contributed its crisis management expertise to a regional coalition, ChicagoFIRST, and documented the process. A handbook - "Improving Business Continuity in the Financial Services Sector: a Model for Starting Regional Coalitions" - was funded by the Department of the Treasury and co-authored by BITS, Boston Consulting Group, and ChicagoFIRST. That handbook is helping other regional coalitions create practical plans for working together during a crisis.
Partnerships are the new security.
The attacks also made us think differently about the reliability, recoverability, resilience, and continuity of information systems. In the weeks and months afterward we began to talk about "a digital 9/11." The unseen networks of information that are our cyberinfrastructure became both a terrifying target and a priority of awesome proportions.
We began to view those networks as potentially vulnerable and, if damaged, capable of a magnitude of cascading consequences we could not imagine, undermining our industry, individuals, the nation, and the world.
BITS urged major software vendors to meet industry requirements for software security. With the Financial Services Roundtable, we convened a CEO Software Security Summit and created a joint policy statement calling for stepped-up security in software sold to financial services customers.
Action is the new security.
We leveraged our relationships with leaders in Washington to be sure our message was heard. Again and again, BITS proved that this industry was not only prepared, resilient, and, yes, secure, but also that we were vigilant and would not let security take a back seat. Our members worked together to thwart online fraud and identity theft and make sense of the dizzying array of authentication strategies. We brought in anti-laundering experts to tell us about banking's ties to terrorism and what we can do about it today.
Education is the new security.
Finally, the new security tells us that private-public partnerships are appropriate, viable, and essential. There is a role for the federal government in strengthening security.
BITS supports and promotes the Prepare doctrine for better and more secure information technology. In brief, this doctrine calls for:
Promotion. The government can play an important role in promoting the importance of secure information technology.
Responsibility. Producers of software and hardware should be accountable for the quality of their products. The government should establish incentives.
Education. The government should support communication of the importance of safe practices to all users of information technology.
Procurement. The government can play an important role in encouraging the information technology industry to deliver and implement more secure systems.
Analysis. The government should analyze the costs and impact of information security risks, vulnerabilities, and threats and provide this analysis to policymakers.
Research. The government should support research to create more secure software development practices, testing, and certification programs.
Enforcement. Law enforcement agencies must do more to enforce, investigate, and prosecute cybercrimes here and abroad.
Responsibility is the new security.
Throughout my decade as the CEO of BITS, I have urged industry executives to make a difference by giving their attention and their intellect to our industry's most challenging issues. This is because I believe in applying the same dedication, innovation, creativity, and enthusiasm to growing a business as you do to championing the right causes - the causes that benefit all of us.
Security always has been and will remain the bedrock of our industry. Sept. 11 exposed us terribly, and it made us safer for what we learned. This September we have much to be proud of, much to be thankful for, and much left to do. Our world is changing constantly.
When the sun rises tomorrow, it will be a new day. We will practice the new security and let its definition evolve. Our work is not nearly complete.
Ms. Allen is the chief executive officer of BITS, a nonprofit consortium made up of 100 of the largest U.S. financial institutions, that focuses on issues related to security, privacy, infrastructure development, and emerging technologies. She is also the chairman and chief executive officer of Santa Fe Group, a New Mexico consulting firm.