Success with a financial sector cybersecurity pilot has led the Homeland Security Department to expand information sharing and response coordination efforts to additional industrial sectors, a top DHS cybersecurity official told a Sept. 14 House panel.

In February 2010, DHS, the Defense Department and the Financial Services Information Sharing and Analysis Center together stood up cybersecurity project for the banking and finance sectors.

"Both government and industry have information of value to each other that we would not have had if we were not working in collaboration," said Greg Schaffer, the acting deputy undersecretary of the DHS National Protection and Programs Directorate. He testified before the House Financial Services subcommittee on financial institutions and consumer credit.

In his written testimony, Schaffer said critical infrastructure will be the next sector to be covered by a DHS cybersecurity pilot, stating that registered critical infrastructure sector entities will have access later this year to an online collaboration portal meant for information sharing.

DHS, with the Treasury Department and the BITS Financial Services Roundtable also has underway a two-phase pilot to assess the resilience of five financial institutions' enterprise networks, along with the presence of malicious activity on them, Schaffer said.

The first phase consists of a DHS risk management evaluation, while in the second, US-CERT will analyze data provided by the institutions for malicious activity--and if found, will provide them "targeted strategies to mitigate the strategy,' Schaffer said in his written testimony.

The FBI has under investigation more than 400 case of corporate account takeovers in which cyber criminals initiated Automated Clearing House or wire transfers from U.S. banks, said Gordon Snow, assistant director of the FBI cyber division, during the hearing. The cases represent an attempted theft value of more than $225 million and actual losses of about $85 million, he added.

For more:
- go to the hearing webpage (prepared testimonies and webcast available)

Related Articles:
Certificate hack compromises Dutch government websites 
Dodaro: Key challenges remain for DHS in cybersecurity mission 
Panel: Compliance does not create cybersecurity