The U.S. Department of Homeland Security last week released an update to its list of 16 critical infrastructures, which included financial services such as payments and clearing and settlement of securities.
“The Financial Services Sector-Specific Plan details how the National Infrastructure Protection Plan risk management framework is implemented within the context of the unique characteristics and risk landscape of the sector,” the department said in its announcement. “Each Sector-Specific Agency develops a sector-specific plan through a coordinated effort involving its public and private sector partners.”
The Department of Treasury is designated as the agency for the financial services sector. Other sectors considered critical include energy, transportation and communications.
Valerie Abend, managing director, Accenture Security, said the department took a comprehensive view of security.
“It took a look at what functions have to be done all the time, and let’s figure out how to protect them,” she said. “You pick one function and it will cross more than one entity; I think it is a really good way to manage risk.”
The DHS Cybersecurity and Infrastructure Security Agency (CISA) April 30 released what it termed the “inaugural set of national critical functions” but, in fact, the list goes back to 2010, 2013 and 2015.
“Led by CISA’s National Risk Management Center (NRMC), this effort represents an evolution in thinking with respect to risk management that focuses security and resilience efforts on cross-cutting functionality, instead of more static asset, organization, or sector-specific view.,” the departments said in its announcement.
“Identifying these National Critical Functions has been a collaborative process between public and private sector partners and marks a significant step forward in the way we think about and manage risk,” said CISA Director Christopher Krebs. “By moving from an individual, sector-specific lens to a more comprehensive, cross-cutting risk management framework, we can identify and manage risk in a more strategic and prioritized manner.”