Few years
ago, some of U.S. banks, including Citigroup, JPMC, and Bank of America, began
working on a secret, ultrasecure data
bunker called Sheltered Harbor. The data bunker holds a copy of all
bank transaction data to protect it from a devastating cyberattack.
What
is Sheltered Harbor?
Sheltered
Harbor is an initiative undertaken by the financial services sector. It provides
an extra layer of protection against potential cyber risks. Sheltered Harbor is
designed to provide enhanced protection for the customer accounts and data of
financial institutions. Its goal is to securely store account data and to recover
it even in the event of the loss of operational capability of a bank or
brokerage.
Multiple
industry associations collaborated to develop and deliver Sheltered Harbor.
They include:
- American Bankers Association
- Credit Union National Association
- Independent Community Bankers of America
- Financial Services Forum
- Financial Services Information Sharing and Analysis Center (FS-ISAC)
- Financial Services Roundtable
- National Association of Federal Credit Unions
- Security Industry and Financial Markets Association
- The Clearing House
These
financial services industry trade groups have established new resiliency
capabilities to ensure that consumers will be able to access their financial
accounts even if their banks or brokerages go out of business.
Banks has
to pay from $1000 to $50,000 to become members of Sheltered Harbor. Members
receive access to the full set of Sheltered Harbor specifications to ensure
secure storage and recovery of their account data.
Sheltered
Harbor Provides Data Security
Sheltered
Harbor provides data security through multiple mechanisms:
• It is physically isolated from unsecured networks. It
has no connection to
the Internet
(it is air-gapped).
• It is redundant and decentralized.
• It can survive any attack or disaster because the
vaults that store the banking
transactions are distributed geographically. Any disaster will leave at
least one vault operational.
• It prevents data stored in its vaults from being
changed by hackers or other unauthorized personnel.
• It is owned by each participant.
Customer
data stored in a Sheltered Harbor data vault is encrypted and kept private by
the institution owning that data. Extracted data is decrypted, validated,
formatted, and re-encrypted before it is transmitted to the requesting party
via industry-established file formats.
Sheltered
Harbor establishes standards to increase the resiliency of participating
institutions so that they can reliably access their data. It promotes the
adoption of these standards and monitors the adherence of financial institutions
to these standards so that consumers benefit from the added protections.
A
Backup Buddy System
Sheltered
Harbor provides a backup buddy system. Banks
choose ‘restoration’ partners that store a vault of one another’s core data,
which is updated each night. If one bank goes down, the other can restore
accounts from its buddy vault and make customers whole.
Thus,
redundant backup vaults eliminate the risk of a single point of failure.
Each day,
participating banks and brokerage houses convert customer data into a standardized
format, encrypt it, save it in air-gapped storage, and put it in the air-gapped
storage medium of their restoration partners.
Thus, the
data is archived in secure vaults that are protected from alteration or
deletion.
Sheltered Harbor is Complementary to FS-ISAC
FS-ISAC
(Financial Services – Information Sharing and Analysis Center) is a U.S. industry
trade group representing securities firms, banks, and asset management
companies. It is the global financial industry’s resource for cyber and physical
threat intelligence analysis and sharing.
FS-ISAC is
a member-owned, non-profit organization. It was created by and for the
financial services industry to help assure the resilience and continuity of the
global financial services infrastructure against acts that could significantly
impact the sector’s ability to provide services critical to the orderly
function of the global financial system and economy.
Founded in
1999, FS-ISAC has over 7,000 members worldwide. FS-ISAC enables financial
institutions to securely store and rapidly reconstitute account information
should
the data
become lost or corrupted. FS-ISAC makes account information available to
customers in the event that an institution appears unable to recover from a
cyber incident. In this respect, FS-ISAC performs functions similar to that of
Sheltered Harbor and adds to the capabilities of Sheltered Harbor.
Summary
Sheltered
Harbor was created to provide secure and resilient storage for the financial
transactions of banks and brokerages. It is unique in that it is owned by the
participating financial institutions.
Will
Sheltered Harbor ever use blockchain technology to increase its security and
resilience? A blockchain model has been created based on the Ethereum block chain.
However, it has yet to gain approval by the participating financial institutions.
Check this site for more details :
www.shelteredharbor.org
