US Treasury official Cyrus Amir-Mokri explains cyber-security framework
From: Finextra
Source: Sifma
Good morning. Thank you for having me. I commend SIFMA on organizing this seminar dedicated to discussing President Obama’s Executive Order 13636 and the cybersecurity framework published by the National Institute of Standards and Technology (NIST).
I also commend SIFMA for its more general focus on cybersecurity, and in working with other industry associations and government agencies on these issues.
What I’d like to do today is to outline the basic substantive elements of the NIST Framework and then to offer some thoughts on how our operational activities and policy thinking at Treasury fit with the Framework. I hope that my account will both give you a sense of what we have been doing to help improve the financial sector’s cybersecurity resilience and suggest some direction for further policy and operational development.
But I’d like to start with a few fundamental observations about our collective cybersecurity efforts. The first is just that: our cybersecurity efforts are collective, and it is important that they remain so. The endeavor is collective along several dimensions. It is, for example, a “whole of government” effort. To illustrate: even though Treasury is the financial sector’s “sector specific agency”, Treasury can be effective only if it works well with other government agencies, including the financial regulators, law enforcement, homeland security, and the intelligence community. Each agency has particular expertise, responsibilities, and functions, and each agency must communicate and coordinate with the other agencies to make the collective endeavor work.