JS-2213: Remarks of <script type="text/javascript"> var wmNotice = "UNT Web Archive - External links, forms, and search boxes may not function within this collection. Url: http://treasury.gov/press/releases/js2213.htm time: 11:04:43 Jan 09, 2009"; var wmHideNotice = "hide"; var contextRoot = "https://webarchive.library.unt.edu/eot2008/"; </script> <script type="text/javascript" src="https://webarchive.library.unt.edu/eot2008/js/disclaim.js"></script> <br>D. Scott Parsons<br>Deputy Assistant Secretary for Critical Infrastructure Protection<br>before the Outreach Meeting of the<br>Financial and Banking Information Infrastructure <br>Committee and the<br>Financial Services Sector Coordinating Council<br>New York, NY



	FROM THE OFFICE OF PUBLIC AFFAIRS January 25, 2005 JS-2213 Remarks of D. Scott Parsons Deputy Assistant Secretary for Critical Infrastructure Protection before the Outreach Meeting of the Financial and Banking Information Infrastructure Committee and the Financial Services Sector Coordinating Council New York, NY I want to begin today by thanking the Federal Deposit Insurance Corporation for their work in putting together these conferences across our great country. The professionalism of the men and women of the FDIC has been exemplary, and we appreciate their dedication to this important outreach. Winston Churchill's words more than a half-century ago are an appropriate description of our position today as we work together to protect our homeland. Churchill said, "This is not the end. It is not even the beginning of the end. But it is, perhaps, the end of the beginning." Today is the culmination of an outreach program on critical infrastructure protection that took us to 29 cities across the country. In many ways, the idea for the outreach began here in New York City on September 11, 2001. The spirit of America is one of steadfast resolve with an inclination toward action. And shortly after the cowardly attacks of September 11, we swung into action. The Administration put forward plans to protect our critical physical and cyber infrastructures. Even before the 9/11 commission was created, we began to break down old barriers that inhibited information sharing in the government. At the Treasury, we have two important roles in protecting the homeland. The President designated Treasury as the lead agency for protecting the financial infrastructure that is the engine of our economy. The second role is to work to stop the flow of blood money to the terrorists. As Secretary Snow has said, "while hatred fuels the terrorist agenda, money makes it possible." To date, the global community has frozen over $147 million in terrorist-related assets. But I want to return to the important role of leading the effort to protect our critical infrastructure. My office has the responsibility for discharging this obligation for the Department of the Treasury. I'm very pleased to note that the financial sector is strong and resilient. We know this because the sector has been tested, and we know this because of the significant attention the sector pays on a daily basis to business continuity and security. It was tested on 9/11, it was tested during the Northeast power outage in August of 2003, and it was tested again when the threat level for the financial sector in New York, New Jersey, and Washington, D.C. was elevated in August of 2004. It has survived tornadoes, hurricanes, and blizzards. Each incident proved the financial sector to be adaptable and resilient. Today, we are engaged in a two-front war to protect our nation's critical infrastructure. One front is physical, with the focus on protecting people, property, plants, and equipment. The other front is cyber, and our efforts there center on protecting systems and data. President Bush has stated that protection is "a shared responsibility…requiring close cooperation between government and the private sector at all levels." As we face a changing threat matrix, we must mount a powerful, coordinated defense: a partnership between the public and private sectors to minimize disruptions in the event of an attack and to quickly restore our way of life, which is the ultimate in defiance against terrorism. We've organized our efforts to protect the critical infrastructure of the financial sector based on this perspective. Our strategy is built on two pillars – a public sector pillar comprised of the federal and state financial regulators, and a private sector pillar that includes an organization of the leading financial industry trade associations and institutions. Communication between these government and business channels is the cornerstone of our strategy. Generating accurate and timely information about threats to our physical and cyber infrastructure and then sharing that information are essential outcomes of this communication. The Treasury chairs an organization comprised of the federal and state financial regulators. This organization is the Financial and Banking Information Infrastructure Committee, or FBIIC. The FBIIC is chartered under the President's Working Group on Financial Markets, and is charged with improving coordination and communication among financial regulators, enhancing the resiliency of the financial sector, and promoting the public/private partnership. You will hear shortly about two of our most important private sector organizations, the Financial Services Sector Coordinating Council and the Financial Services Information Sharing and Analysis Center. Each of these organizations works closely together to share information and collaborate on initiatives that advance the financial sector's preparedness. Four principles guided our actions in the aftermath of September 11 and they continue to guide our actions today. These principles form the bedrock of our collaboration with the financial sector. As I outline these principles, it is important to note that financial sector is highly resilient. The sector has been a target for criminals since its very beginnings. And while we have a strong regulatory regime in place that ensures the safety and soundness of financial institutions, I believe that protecting critical infrastructure is fundamentally a risk management issue, and that there is no "one size fits all solution" to be achieved through additional regulation. In fact, such regulation may actually harm our goal of ensuring a reliable and resilient financial services sector, by depriving the sector of the flexibility it needs to counter the threats that exist. The first principle is the protection of people. People, not buildings or computers, produce financial services. And it is people who benefit from financial services. We depend on people - tellers, technicians, loan officers, technologists - to operate the financial system and to see the system through during times of stress. Indeed, it was the commitment of these professionals to their institutions, customers, and colleagues that helped the financial system recover from the September 11 attacks. Just as we depend on people to operate the financial system, people around the globe depend on the U.S. financial system to stay up and running. This leads to our second principle: maintaining confidence. We rely on financial services to process our paychecks, buy groceries, purchase a house, finance our children's education, or save for retirement. We must ensure that consumers trust in the financial system. And this in turn produces confidence. Rock-solid confidence in the ability of financial institutions to clear checks, execute transactions, and satisfy insurance obligations, despite disruptions, assures our citizens and the world that America is a good place in which to invest. The third principle is to ensure that the financial system remains accessible and helps keep America "open for business." When a disaster occurs, investors rely on markets to price the impact of the disruption on assets. The longer markets are closed, the longer investors must go without knowing the effects of the disaster. This uncertainty can itself be harmful to the economy, compounding the impact of any disruption. An ability to re-open financial institutions quickly helps eliminate uncertainty, enabling us to dull the pain of an attack and speed recovery. Fourth, we encourage decentralized decision-making and swift, responsible action by the private sector. In general, financial institutions should engage in problem-solving and make appropriate decisions without waiting for or depending on guidance from Washington. After all, it is the private sector that owns and operates the majority of the financial systems, and therefore the private sector knows best how to mend these systems after a disruption. As government and private industry share more and better information, financial institutions become better prepared to estimate the risks they bear and better equipped to effectively reduce the probability of a disruption through strategic investments. Furthermore, as more institutions enhance security and reliability, the incentive increases for competitors to invest in innovative solutions as well. This cascading effect delivers an efficient and effective means of encouraging optimal investment in corporate resilience. In some firms, it may shift critical infrastructure protection from a corporate liability to an asset and competitive differentiator. Finally, an industry that responsibly protects itself reduces the need or desire for the government to impose costly, inflexible, and potentially ineffective regulation. Thank you all both for your attendance here, and for all that you do to better secure America's vital financial services infrastructure.