DHS Updates U.S. Critical Infrastructures Including Payments And Securities Settlement

Among the goals listed:
Provide and Maintain Infrastructure
Provide Capital Markets and Investment Activities
Provide Consumer and Commercial Banking Services
Provide Funding and Liquidity Services
Provide Identity Management and Associated Trust Support Services
Provide Insurance Services

“The National Critical Functions construct provides a risk management approach that focuses on better
understanding the functions that an entity enables or to which it contributes, rather than focusing on a
static sector-specific or asset world view. This more holistic approach is better at capturing cross-cutting
risks and associated dependencies that may have cascading impact within and across sectors.

The DHS also talks of resiliency, which suggests not just preventing an attack but surviving it, even at it may continue. It is a point Accenture makes in its recent report: “Extreme but Plausible Threat Scenarios In Financial Services.”

CISA also calls for a tired risk register.

“By performing risk and dependency analysis and consequence modeling, CISA will identify scenarios that could potentially cause national-level degradation to National Critical Functions. This will result in a tiered Risk Register – prioritizing areas of national risk to critical infrastructure in need of mitigation and collective action.”

CISA said it is looking for information to help answer the
question of “what keeps you up at night.”

In addition to financial services, communications and the internet rank high in its list of critical functions:

About Tom Groenfeldt

I write - mostly about finance and technology, sometimes about art, occasionally about politics and the intersection of politics and economics. My work appears on Forbes.com and and occasionally in The American Banker and Banking Technology in London.
This entry was posted in fintech, payments, security, Uncategorized and tagged , , , , , , , . Bookmark the permalink.