Skip Links

'Well organized, sophisticated, fast' cybercriminals scare US banks

Expert in financial services IT says public/private partnerships are the only way to battle hackers

By , Network World
October 04, 2011 06:01 AM ET

Network World - BITS, the U.S. financial industry's IT policy arm, has a new leader: Paul Smocer, an expert in email security and authentication.

Smocer is taking the lead of BITS at a time when financial services firms are responding to the emergence of new technologies -- including social networking, mobile computing and cloud computing -- while remaining under attack from ever-savvier cybercriminals. BITS is coordinating efforts by the U.S. banking industry to create new top-level domains -- such as .bank, .insure and .invest -- that would be restricted to financial services firms and could offer consumers extra protection from phishing, malware and other attacks.

We interviewed Smocer about the online threats and opportunities that he is most concerned about. Here are excerpts from the conversation:

What are the most pressing issues facing BITS over the next year?

We're focused on a handful of things. One is the public/private information sharing concept. As we have recognized the sophistication of what's going on in the cybercrime world, we also recognize that we need to coalesce around better sharing of information among financial institutions, among the various industry sectors, and with the government as well. We're in the middle of piloting an effort with the Treasury Department, [Department of Homeland Security] and its [Computer Emergency Readiness Team], where government resources come in and help do resiliency reviews of organizations.

IN THE NEWS: US agencies making progress on cybercrime, officials say

We're doing a lot of work with regard to mobile financial services [and] what kind of security and controls are needed. We're also doing work with [the Internet Corporation for Assigned Names and Numbers] around new top-level domains. We're working with the [American Bankers Association] and other associations to look at creating some top-level domains that could serve to enhance the security and resiliency of financial institutions on the Internet.

What is the BITS position on the ICANN plan to adopt hundreds of new top-level domains like .bank?

It presents opportunities and challenges. Other trade associations are still tending to fight the whole idea, but we see it as an opportunity to build a more secure and resilient space on the Internet for financial services. I don't know how quickly there will be a lot of conversion of consumer services to these domains, but they certainly afford us the opportunity for b-to-b transactions. Financial institutions exchange a lot of information amongst themselves, and having a space that's more secure than the general dot-com space works to our advantage.

What does BITS think of the new DNS security standard -- DNSSEC -- which helps organizations to prevent DNS spoofing attacks?

DNSSEC is an important step forward and some new top-level domains do require it, including those domains that deal with financial institutions and financial transactions. I like to think that's a direct result of our efforts. We're also spearheading work in Web security for whatever top-level domain that we would apply for.

Our Commenting Policies
Latest News
rssRss Feed
View more Latest News