Information sharing between the financial sector and government is “extremely dear” to NASDAQ, according to Louis Modano, the exchange's senior vice president and global head of infrastructure services.
That was a sentiment echoed by other members of a Friday panel on private and public sector responses to cyber risks in the financial sector at the Conference on Internet Governance and Cyber-Security hosted by Columbia University's School of International and Public Affairs (SIPA).
However, the panel noted that while government might have good intentions, its process for sharing information moves at snail's pace. “I'm confident government will get around to telling us,” said Elizabeth Petrie, director of strategic intelligence analysis at Citigroup Information Protection Directorate.
“The lag is critical,” she said, noting that “a lot can happen in 205 days,” the average time cited by FireEye's Mandiant that it takes for a breach to be discovered.
Petrie contended that government could use the resources of the financial industry as well. “We have more data than the government does,” she said, explaining, though, that financial institutions don't have the technical means to connect that information back to government with the indicators (of compromise) to expedite the sharing of information on threats and attacks.
Modano also called for government to hasten the declassification of information to “get it into our hands” faster.