Security Experts:

Connect with us

Hi, what are you looking for?


Incident Response

FS-ISAC Launches Financial Systemic Analysis & Resilience Center

FS-ISAC Announces New Initiative to Strengthen the Financial Services Critical Infrastructure

FS-ISAC Announces New Initiative to Strengthen the Financial Services Critical Infrastructure

The Financial Services Information Sharing and Analysis Center (FS-ISAC) has launched what it calls the Financial Systemic Analysis & Resilience Center (FSARC). While FS-ISAC is primarily about sharing threat intelligence between banks and other financial institutions, FSARC will provide a more strategic analysis and identification of emerging threats to help mitigate systemic cyber threats. Those results will be shared through the existing FS-ISAC structure.

FSARC is the brainchild of CEOs from eight leading banks who came together to discuss ways to improve the resilience of the financial services infrastructure. The banks concerned are Bank of America, BNY Mellon, Citigroup, Goldman Sachs, JPMorgan Chase, Morgan Stanley, State Street and Wells Fargo.

Information about how FSARC will operate is limited and provides only a high level overview. “The challenges associated with cyber-attacks and the financial fraud stemming from such incidents are bigger than any one institution, and this is something the financial sector must face together. We are stronger and more resilient when we work collectively to understand the evolving tactics of cyber adversaries and to deepen the layers of defense against such attacks,” said Bill Nelson, President and CEO, FS-ISAC in a recent statement. 

FS-ISAC shares threat intelligence with its members, and does so anonymously if required by the members concerned. It receives intelligence from US government agencies such as the Department of Treasury, the Department of Homeland Security and the Federal Bureau of Investigation; but will only share with them if approved by the member. FSARC is likely to increase this relationship with government agencies (the US Secret Service tweeted its congratulations on the launch); but it says it will maintain the existing structure and methods for disseminating information. 

“FSARC is a long-term strategic initiative that performs deep analyses of systemic cyber risk across financial products and practices. Findings and adaptable mitigation strategies will be shared across the financial sector through FS-ISAC and its membership,” explains FS-ISAC in a statement.

So far we seem to know only who and where; but not how. FSARC is looking to establish its own physical location, understood to be in Arlington. It is also believed that for the time being at least it will use FS-ISAC’s existing web structure. Bank of America’s Siobhan MacDermott and JPMorgan’s Greg Rattray will serve as interim Co-Presidents until the center reaches full operational capability. 

How FSARC will achieve a proactive analysis of emerging threats is not yet known, but it seems almost certain that it will leverage the expanding and improving technology of analytics based on machine learning. Machine learning analytics works best when there is a large pool of data from which to learn. The current FS-ISAC database has thousands of threats, vulnerabilities, and events dating back to its formation in 1999. What isn’t known is whether FSARC will develop its own analytics, or will call on the security industry.

One firm already involved in machine learning threat detection for financial services is Corvil. “This newly established center enables banks to gain an upper hand in their ongoing asymmetric battle against cyber crime, through both collaboration and a preventative, longer term perspective,” Corvil’s Graham Ahearne told SecurityWeek.

“At the heart of what FS-ISAC provides is a platform that enables collaboration. This new resilience center takes all that works well from FS-ISAC and combines it with longer range perspective and planning, paving the way for more proactive and preventative measures.”

Since prevention is always better than cure, the output from FSARC will provide a more holistic, broader view of both challenges and options for associated solutions.

“Financial services fuel the engine of our economy,” he said, “and bold steps need to be taken in order to assure this engine is protected and resilient. This new initiative takes a promising step in that direction.”

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

Application Security

GitHub this week announced the revocation of three certificates used for the GitHub Desktop and Atom applications.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

Incident Response

Cygnvs emerges from stealth mode with an incident response platform and $55 million in Series A funding.

Application Security

Password management firm LastPass says the hackers behind an August data breach stole a massive stash of customer data, including password vault data that...

Incident Response

Meta has developed a ten-phase cyber kill chain model that it believes will be more inclusive and more effective than the existing range of...

Incident Response

Implementation of security automation can be overwhelming, and has remained a barrier to adoption