Science and Technology

S&T is Partnering with Financial Service Organizations to Secure the Finance Sector from Cyber Threats

The nation’s critical infrastructure provides necessary services that are vital to our everyday lives. We know these services as the power we use in our homes, the water we drink, the transportation that moves us, and the communications systems we use to make personal or business transactions. These services are made up of complex networks that we strive to keep resilient and secure when faced with threats from cyber adversaries.

William N. Bryan, Senior Official Performing the Duties of the Under Secretary for Science and Technology. DHS is responsible for protecting the majority of the 16 critical infrastructure sectors, and even when we are not the named Sector-Specific Agency (SSA), we are partnering with agencies to offer solutions to keep our nation safe.

One example is the Financial Services Sector. The Department of Treasury is the SSA, however DHS Science and Technology Directorate (S&T) has developed the Next Generation Cyber Infrastructure (NGCI) Apex program (Cyber Apex) to provide cybersecurity solutions to this sector. Through the Cyber Apex program, S&T has partnered with the Department of Treasury to engage financial services organizations and encourage participation in the Cyber Apex Review Team, also known as the CART.

The goal of the Cyber Apex Program is to reduce vulnerability gaps within the finance sector. The CART assists DHS by defining and prioritizing requirements, planning and reviewing test and evaluation activities, and reviewing suitable technologies and methodologies.

The Cyber Apex program addresses cybersecurity challenges by providing the financial services sector with technologies and tools to confront advanced adversaries by leveraging existing federally funded and private sector research efforts. Cyber Apex uses a flexible, repeatable technology development approach with two distinct phases, applied research and test and evaluation.

Specifically, the program conducts needs analysis, metrics identification, technology foraging, solicitation creation, proposal selection, and test and evaluation. Based on the results, CART members have the option to conduct further testing, funded by DHS, in their own operational environments.

Currently, the CART is a mix of large banks and financial institutions, however S&T is expanding the group to mid-sized and regional banks to increase knowledge and information sharing. As members of the CART, financial organizations will have the opportunity to identify cybersecurity gaps, review research findings and receive recommended solutions to help keep networks and systems safe from cyber threats.

To date, the Cyber Apex program is researching four efforts—detecting lateral movement within a network, gaining knowledge of artifacts on the network, improving analytical sharing methods and protecting sensitive data—but, as new capability gaps arise the program will add new research efforts.

If you are a financial services organization, I highly encourage you to join the CART. In addition to the valuable insight you can provide S&T, you will be provided solutions to keep the financial services sector, including your organization, safe. For more information visit the Cyber Apex program page or email the Cyber Apex team at CyberApex@hq.dhs.gov.