'Widespread runs'
"The systemic consequences could well be devastating for the economy as the resulting loss of confidence in the security of individual and corporate savings and assets could trigger widespread runs on financial institutions that likely would extend well beyond the directly impacted banks, securities firms and asset managers," Sifma wrote in the document, dated June 27.
Liz Pierce, a spokesman for Sifma, declined to comment on the document, adding that the group "is doing everything possible to help the industry prepare for and defend against cyberattacks." Caitlin Hayden, spokeswoman for the White House National Security Council, declined to comment.
Alexander had been pitching Sifma and other bank trade associations to purchase his services through his new consulting firm, IronNet Cybersecurity, for as much as $1 million per month, according to two people briefed on the talks.
He has made much the same argument to Sifma as the association is now making to the government about the emergence of new, more destructive software assaults. For several months beginning in fall 2012, major US bank websites were hit by what is known as distributed denial-of-service attacks, in which hackers flood systems with information to shut them down.
Cleared account balances
The next wave of attacks "in the near-medium term" is likely to be more destructive and could result in "account balances and books and records being converted to zeros," while recovering the lost information "would be difficult and slow," according to the Sifma document.
"We are concerned that the industry may not have the capabilities that we would like to effectively defend against this newer form of potential attack, the capability that we would like to stop such an attack once commenced from spreading to other financial institutions, or the capability we would like of effectively recovering if an initial attack is followed by waves of follow-on attacks," the document says.
While noting that the coordination between industry and government on cyber threats has improved in recent years, a joint council would produce a more focused response, according to Sifma.
Read also:
• Computer users warned over virus pandemic
• NSA head: 'Dozens of attacks thwarted'
The government-industry group would develop plans for "much quicker, near real-time" dissemination of information from agencies to the private sector and ways to "actively defend the industry" if preparations for a cyber attack are discovered in advance. Sifma is also seeking "pre-discussed and mutually understood protocols" for the industry to request government help during and after an attack.
Protection for electricity grid
In addition, Sifma wants greater protection for the US electricity grid, which it says is "vulnerable to physical destruction of transformers and other equipment in a small number of undefended substations."
"The core problem is that if transformers and critical equipment were destroyed at these sites, it could take months to build the replacement equipment," Sifma wrote.
Senators Dianne Feinstein and Saxby Chambliss sponsor the Senate Intelligence Committee aimed at improving private-sector cyber-defences. Photo / AP
The Senate Intelligence Committee plans today to take up a bipartisan bill - sponsored by Senators Dianne Feinstein, a California Democrat, and Saxby Chambliss, a Georgia Republican - aimed at improving private-sector cyber-defences. The bill includes rules insulating banks from liability arising from sharing of information for cybersecurity, addressing a point financial institutions have raised in the past.
- Bloomberg
