FS-ISAC and Sheltered Harbor TLP WHITE. Revised 22 November 2016
November 23, 2016 / Source: FS-ISAC
Sheltered Harbor is a proactive initiative undertaken by the financial services sector and is designed to enhance resiliency and provide enhanced protections for financial institutions’ customer accounts and data. The focus of Sheltered Harbor is to extend the industry’s capabilities to securely store and restore account data, should the need arise. Sheltered Harbor is an additional layer of protection on top of existing defenses that many financial firms utilize. It is one of a series of proactive initiatives undertaken by the U.S. Financial Services industry to improve sector-wide resilience.
Sheltered Harbor enables financial institutions to securely store and rapidly reconstitute account information, making it available to customers, whether through a service provider or another financial institution, if an institution appears unable to recover from a cyber incident in a timely fashion. Consumer data stored in a Sheltered Harbor-specified data vault is kept private by each institution, is encrypted, and is protected from change. The model is a distributed one, with no central repository of information. The concept for Sheltered Harbor arose during a series of successful cybersecurity simulation exercises between the public and private sectors known as the “Hamilton Series.”
Secure Data Storage
Sheltered Harbor participant institutions have the option of storing data directly in a data vault or procuring a data vault as an outsourced service. Regardless of where the data is housed, extracted data is validated, then formatted, encrypted and transmitted via industry-established standardized file formats. With key elements already in place, Sheltered Harbor is expected to be operational and widely adopted during 2017.
Sheltered Harbor is an industry-led organization, structured as an LLC and operated under the auspices of the FS-ISAC. Sheltered Harbor is directed by a 34-member Board of Directors broadly representative of the financial services industry. Multiple industry associations and their members collaborated closely to develop and deliver Sheltered Harbor, including the American Bankers Association (ABA), the Credit Union National Association (CUNA), the Independent Community Bankers of America (ICBA), the Financial Services Forum (FSF), the Financial Services Information Sharing and Analysis Center (FS-ISAC), the Financial Services Roundtable (FSR/BITS), the National Association of Federal Credit Unions (NAFCU), the Securities Industry and Financial Markets Association (SIFMA), and The Clearing House (TCH), as well as advisors from Davis Polk & Wardwell LLP, PwC and Promontory Financial Group.
Sheltered Harbor is a not-for-profit industry effort. Members receive access to the full set of specifications to ensure secure storage and recovery of their account data, and an acknowledgement that they are Sheltered Harbor Ready when they attest to the implementation and operation of the Sheltered Harbor processes. Current Sheltered Harbor membership covers approximately 60 percent of U.S. retail bank and brokerage accounts. Significant participation across the sector is expected during 2017 and beyond. Sheltered Harbor is designed for banks and brokerages with U.S.-domiciled accounts.
Steven Silberstein is the Sheltered Harbor CEO. Silberstein has a significant background in financial technology, serving most recently as the Chief Technology Officer and Senior Vice President at SunGard, where he was responsible for the company’s product development organization.