LS-135: STATEMENT BY TREASURY SECRETARY LAWRENCE H. SUMMERS ON <script type="text/javascript"> var wmNotice = "UNT Web Archive - External links, forms, and search boxes may not function within this collection. Url: http://treas.gov/press/releases/ls135.htm time: 8:29:03 Sep 20, 2008"; var wmHideNotice = "hide"; var contextRoot = "https://webarchive.library.unt.edu/eot2008/"; </script> <script type="text/javascript" src="https://webarchive.library.unt.edu/eot2008/js/disclaim.js"></script> <br>FINANCIAL SERVICES INFORMATION SHARING AND ANALYSIS CENTER



	FROM THE OFFICE OF PUBLIC AFFAIRS October 1, 1999 LS-135 STATEMENT BY TREASURY SECRETARY LAWRENCE H. SUMMERS ON FINANCIAL SERVICES INFORMATION SHARING AND ANALYSIS CENTER Good morning. Welcome to the Treasury Department. Let me start by thanking you for joining us this morning. I want to especially thank Chairman Arthur Levitt of the Securities and Exchange Commission, Vice Chairman Roger Ferguson of the Federal Reserve Board, Richard Clarke of the National Security Council and the representatives of the financial services industry. It gives me great pleasure to be here today to speak about the newly announced financial services information sharing and analysis center (FS/ISAC). Through this center, financial services firms will be able to better protect their computer systems from attack by sharing information about such attacks. Such information will be shared anonymously, to encourage candor, and on a real time basis, to allow other firms to prepare immediately for similar attacks. When I first joined Treasury some years ago, I can assure you we were not thinking about threats to the financial system emanating from viruses, trojan horses, logic bombs, or malicious code. But we are thinking about those things now, and with good reason. It is hard to believe that five years ago almost none of us were on the Internet, but today many of us would feel that our lives had been disrupted if our Internet service provider went down, even for a few hours. Anyone who has ever called customer service and been told, "Please call back later, our computers are down" knows this very well. It is simply not an option for American business, and in particular the American financial services system, to go back to serving its customers the old fashioned way should their computers go out. Our increased reliance on computers and other technology raise a new set of security needs. A 1998 study by the Computer Security Institute found that 64 percent of companies polled reported information system security breaches, an increase of 16 percent over the prior year. The estimated total financial loss from those breaches grew 36 percent compared to the reported losses of 1997. As damaging as these attacks have been, the vast majority has been conducted by disgruntled individuals. We face a future, though, where criminals, terrorists, or even nation states may use the same tools in a more organized way for darker purposes. As damaging as these attacks have been, the vast majority has been conducted by disgruntled individuals. We face a future, though, where criminals, terrorists, or even nation states may use the same tools in a more organized way for darker purposes. Recognizing early on the potential for cyber attacks to cause damage to the nation's military and private sector infrastructure, the President in 1996, formed the President's Commission on Critical Infrastructure Protection; and in May 1998, he signed Presidential Decision Directive 63. Richard Clarke of the NSC has overseen these efforts as National Coordinator for Security Infrastructure Protection and Counter-Terrorism. The President's directive recognizes that our nation's economy increasingly relies on the smooth functioning of computer systems. And the increasing use of open systems such as the Internet, both in the private sector and even the military, creates a new vulnerability. The financial services industry is no exception. Thus, Presidential Decision Directive 63 directed the Treasury Department to work with representatives of the banking and finance sector to enhance the security of the industry's information systems. We at Treasury have worked closely with the information security professionals assembled here today and many others to carry out that mandate. But we have always recognized that the financial services sector itself must have the lead. The information sharing center that is opening today is a tribute to the determination of the member firms represented here to get out in front of the growing information security problem. I would in particular like to thank Steve Katz of Citigroup, who has served as our private sector coordinator, and Stash Jarocki of Depository Trust Company, who has headed the task force putting together the center. The industry ISAC can play a key role in bolstering the confidence of the American public in the security and stability of our financial system. By joining together to share information about cyber attacks and ways to defeat them, the financial services firms represented here have taken an important step both for their own security and that of the nation. We believe that the participation of some of our largest financial services firms will serve as an example leading others. And we hope that the financial services center can serve as a model for other sectors of the economy wishing to protect themselves in this way. The support of the Securities and Exchange Commission and the Federal Reserve Board will be critical to the success of this initiative, and I thank them for their interest. I am also grateful that the Federal Reserve, in its role as payment system provider, has expressed interest in becoming a participating member of the Financial Services ISAC. In conclusion, I want to thank everyone who has contributed so much to the success of this undertaking, and thank you all for being here today. I would now like to turn the microphone over to Steve Katz, our private sector coordinator, who will describe the center in greater detail.