Wall Street seeks cyberterror defences

The most effective way to deal with the twin threats posed by hackers and cyberterrorists, say many Wall Street IT executives, is to form a unified effort between the private sector and government to create a central communications platform to alert and disseminate information about such attacks using a private Web site.

A panel made up of representatives from the U.S. Secret Service, the National Infrastructure Protection Center and the Financial Services Information Sharing and Analysis Center (FS/ISAC) pressed attendees at a Securities Industry Association cyberterrorism workshop in New York last week to work toward sharing information within the financial industry and with law enforcement about probes and attacks on firms’ technology infrastructures.

The FS/ISAC, a private organization in New York, charges companies a minimum US$7,000 annual fee for alerts and access to information about hacking and cyberterrorism threats. Stanley Jarocki, vice president of IT security engineering at Morgan Stanley Dean Witter and chairman of the FS/ISAC, said cyberterrorists supported by governments have almost unlimited resources to do damage to Wall Street’s IT infrastructure.

Jarocki said firms should either join the FS/ISAC’s service or create a secure, central Web site through which they can share information anonymously with one another.

C. Warren Axelrod, director of information security at the Pershing Division of Donaldson, Lufkin & Jenrette Securities Corp. in Jersey City, N.J., pointed out that the greatest cyberterrorism threats come from “someone infiltrating your organization and using that power to do damage.”

“The way firms can protect themselves is to share the information with each other without broadcasting it,” Axelrod said.

Bob Weaver, an agent of the Secret Service’s New York Electronic Crimes Task Force, agreed. He said almost 70 percent of the more than 900 people the Secret Service has arrested in New York in connection with intranet attacks are considered insider threats. He recommended that companies adopt background checks for employees based on the sensitivity of an individual’s position within the organization.

“On the backside of this is negligence suits by insurance companies based on the fact that you didn’t have due diligence or best practices in place,” Weaver said.