The best kept secret in cybersecurity is protecting U.S. banks against catastrophic attacks

If one financial services firm cyber destructs, then another one takes over.


More than 100 industry experts from the U.S. banking and financial services industry quietly collaborated on a groundbreaking cyber resilience initiative dubbed Sheltered Harbor earlier this year.

The initiative provides its members with an extra layer of security. If a catastrophic cyber attack brings down a member bank, then another bank takes over.

How Sheltered Harbor works

The Sheltered Harbor website explains how its members participate, which is strikingly simple and ingenious:

  • All participating institutions, on a regular basis, make a copy of the consumer's account data in a standard format, which enables the restoration of accounts in the event of a major outage.
  • The account data is archived in a secure data vault that is protected from alteration or deletion. The data will stay intact and accessible if needed — exactly as when it was archived.
  • All participating institutions update their adherence reviews to ensure that the Sheltered Harbor standards are exercised consistently and in accordance with Sheltered Harbor specifications.

Benefit to customers

The premise behind Sheltered Harbor is that some banks and financial services firms will inevitably suffer cyber attacks — and when that happens, customers will be harmed.

Hacks on banks can lead to inaccessible customer accounts and assets, shaken consumer confidence, and an unstable U.S. financial system.

If a bank participating in the new initiative is the victim of a major data breach, its customers will experience minimal disruption to their financial accounts.

To put it another way for tech-challenged consumers — there’s a bank, and a backup bank.

Why haven't we heard about Sheltered Harbor?

Sheltered Harbor’s website provides a list of FAQs, including "Why haven’t I heard of Sheltered Harbor before?"

Their answer: "Sheltered Harbor’s goal is to enhance the protection of the retail financial services industry. Until recently, we have been operating quietly to get our standards complete and to get early adopters testing the process."

Who’s behind the Sheltered Harbor initiative?

Sheltered Harbor describes itself as a not-for-profit, industry-led initiative founded by 34 financial institutions, clearing houses, core processors and industry associations, collectively representing a significant percentage of the retail banking and brokerage accounts in the U.S.

Steven Silberstein has been the CEO at Sheltered Harbor LLC since the organization was formed in April 2016. Previously, he was a board director at The International Association for Quantitative Finance (IAQF), a not-for-profit, professional society, and SVP/CTO at Sungard, the world's largest global provider dedicated to financial technology solutions.

The people who make up Sheltered Harbor are mostly volunteers from its founding members, who share their expertise and work efforts. A small, dedicated team of experienced leaders makes up the central Sheltered Harbor organization.

The cat’s out of the bag

Sheltered Harbor has barely been covered by the media and has truly been the best kept secret in cybersecurity.

The lead story on the front page of the Business & Finance section of The Wall Street Journal earlier this week proclaimed “Banks Create Cyber Doomsday System.” That will surely bring more attention to the initiative, which is a good thing.

Healthcare, the most cyber targeted industry, should pay careful attention to Sheltered Harbor — and model around it. The same for manufacturing and all verticals. There’s power in unity, and industry collaboration where one organization has the other’s back is the ultimate form of cyber resilience.

Kudos to everyone involved with Sheltered Harbor! While the initiative may no longer be a secret, it’s still the best cybersecurity.

Visit SteveOnCyber.com to read all of my blogs and articles covering cybersecurity.
