Reducing the vulnerabilities and impact of successful exploitation of the financial sector’s cybersecurity infrastructure, primarily by acceding to the private sector and trading compliance for a greater investment in security, are central tenets of the Treasury’s strategic plan for the next four years, as outlined Monday.
The plan, released by Treasury Secretary Steven Mnuchin, includes cybersecurity enhancement as one of its numerous objectives spread out among five goals.
In enhancing cybersecurity and critical infrastructure, the 51-page document suggests that addressing both “may require increasingly dynamic, real-time approaches, with closer networks of government and industry partners working together to reduce the sector’s cyber vulnerabilities (and thus overall risk), thereby improving security and resilience.”
The plan gives a nod to the fact that the “critical infrastructure” of the financial sector is mostly privately owned and operated, with operational risk within the “purview and responsibility of the firm involved.”
“We consult with the private sector to identify and subsequently manage potential vulnerabilities, through advising on techniques such as information sharing, promoting the use of best practices, and creating automated tools,” the plan states.
“Not only are firms and the larger infrastructure better protected, but their boards can make better and more informed decisions regarding appropriate levels of cyber and operational risk they are willing to accept.”
Among the “measures and indicators of success” listed in this area are:
- improved coordination on cybersecurity supervisory efforts;
- increased resilience by shifting resources from regulatory compliance to improving security;
- adoption and use of the National Institute of Standards and Technology Cyber Security Framework;
- work conducted with domestic sector members and international forums to harmonize best practices with the framework.