
GOVERNMENT AND INDUSTRY EFFORTS
TO PROTECT OUR MONEY DURING
BLACKOUTS, HURRICANES, AND
OTHER DISASTERS

Monday, October 20, 2003
U.S. House of Representatives,
Subcommittee on Oversight and Investigations,
Committee on Financial Services,
Washington, D.C.
    The subcommittee met, pursuant to call, at 2 p.m., in Room 2128, Rayburn House Office Building, Hon. Sue W. Kelly [chairwoman of the subcommittee] presiding.
    Present: Representative Kelly.
    Also Present: Representative Kanjorski.
    Chairwoman KELLY. This hearing of the Subcommittee on Oversight and Investigations will come to order. This afternoon we are going to have a hearing on the government and industry efforts to protect our money during blackouts, hurricanes and other disasters. The blackout which began on Thursday afternoon, August 14, left millions of Americans in the dark in many ways. Many were stranded at work, wondering how to get home. I know many of my own constituents who work in New York City couldn't get home that night, and there were others that were stranded at airports and in other transportation systems wondering when to give up, try to find alternatives and try to get home through all the dark corridors.
    In the end, major cities from New York City to Detroit were without centrally generated power. Airports, water and sewerage plants and 911 emergency systems were shut down. The communications systems pretty much failed. It is now even clearer that the technology age that we live in, which allows us to provide services and access information in a heartbeat, has increased our reliance on power.
    It is imperative now that we review efforts to protect our systems and the infrastructure that is ever more entwined and dependent on one another. At the heart of critical infrastructure is the safety and soundness of the financial services sector. Fortunately through all of this, it appears that the financial services sector did not suffer any serious negative impacts, but we need to use the recent blackout as a test to assess the security and dependability of our financial systems. Without a doubt, there are lessons to be learned and improvements to be made.
    Today we welcome Wayne Abernathy, the Assistant Secretary for Financial Institutions at the Treasury Department, who will release a special report. If you are looking for it, this is what it looks like. He is going to release a special report on the impacts of the blackout that will be crucial as to how to handle disasters in the future. Assistant Secretary Abernathy worked around the clock with many of our other witnesses who will be here today to implement backup plans during the blackout.
    Joining Assistant Secretary Abernathy on our first panel is Federal Reserve Board Governor Mark Olson, who is also very instrumental in these efforts.
    Keeping our financial systems functioning and safe requires a high degree of coordination between many different and important parties, both public and private. The private sector witnesses on our second panel are leaders in protecting critical financial assets from major disasters. These witnesses, along with others in the private sector and government who couldn't be represented here today, worked to ensure that our money supply and funds flow would not be jeopardized. The Depository Trust and Clearing Corporation, the New York Stock Exchange, Nasdaq, and associations such as the Bond Market Association played key roles to keep the markets working during the blackout.
    Many other agencies were also involved in addition to the Treasury Department and the Federal Reserve System, including the SEC. As the regulator of the Nation's largest financial institutions, the supervisor of the New York State Banking Department, my good friend Diana Taylor, also played a key role. We thank the SEC and Ms. Taylor for their written statements which, without objection, we will submit into the record.
    [The prepared statement of the Securities and Exchange Commission can be found on page 92 in the appendix.]
    [The prepared statement of Diana L. Taylor can be found on page 86 in the appendix.]
    Chairwoman KELLY. We really appreciate their statements. We look forward to hearing accounts of how our witnesses managed during the blackout and how emergency plans for protecting critical infrastructure, the ones that have been in place before September 11, how they worked. There is no better indicator of success of those plans than the fact that there was apparently no financial panic either during or after the blackout.
    We also want to hear how prepared everyone was for a major hurricane and whether they understand what these plans are and whether or not Hurricane Isabel had any serious consequences.
    I thank the witnesses for appearing here today and look forward to your testimony. Together, I hope we can ensure that our financial systems continue to function smoothly under all circumstances and the American people will continue to have confidence in the financial services sector.
    The Chair notes that there will be members coming from the full committee and there will be members coming from this subcommittee. So, without objection, all members who have statements, questions to ask of the panels, and we ask the answers to those questions be included in the record. So, without objection, so ordered.
    With that, I will introduce our first panel. We welcome Honorable Wayne Abernathy, Assistant Secretary for Financial Institutions at the Treasury Department, and the Honorable Mark Olson, member of the Board of Governors of the Federal Reserve System. The SEC was unable to appear today due to scheduling conflicts, so we invited the Commission to submit the statement which I have submitted for the record.
    Additionally, I invited Ms. Diana Taylor, supervisor of the New York State Banking Department, to submit a statement as well about her activities in this area. So, with unanimous consent, we have entered their statements in the record.
    We thank you, Mr. Abernathy and Mr. Olson, both for testifying before us and we welcome you on behalf of the committee. So, without objection, your written statements and any attachments will be made part of the record. And, without objection, we are going to continue this hearing. I would hope that you will give me a 5-minute summary of your testimony, because your testimony will—your full testimony will be in the record.
    You will now be recognized for that 5-minute testimony. When the light changes color, you probably know, you have—when it goes from green to amber, you have 1 minute to pull your thoughts together and give us a summary. When it goes red, the 5 minutes is over.
    Chairwoman KELLY. And we will begin with you, Mr. Abernathy. It is very—I am very pleased to have you here with us today. Go to your testimony now, please.
    [The prepared statement of Hon. Sue W. Kelly can be found on page 34 in the appendix.]
STATEMENT OF HON. WAYNE A. ABERNATHY, ASSISTANT SECRETARY FOR FINANCIAL INSTITUTIONS, DEPARTMENT OF THE TREASURY
    Mr. ABERNATHY. Thank you, Chairwoman Kelly, and members of the subcommittee. It is a pleasure to be here today. I am today representing not only the Department of the Treasury, but also the Financial and Banking Information Infrastructure Committee, or FBIIC. The FBIIC is charged with improving coordination and communication among financial regulators, enhancing the resilience of the financial sector and promoting communication and coordination with the private sector entities that make up and operate within our financial services sector. I represent the Department of the Treasury in chairing that committee.
    Following recent events, the FBIIC conducted a review and compiled a written report that you kindly mentioned in your statement, The Impact of the Recent Power Blackout and Hurricane Isabel on the Financial Sector, which the FBIIC is releasing to the public today, and I submitted a copy of the report together with my statement.
    Both in preparation for potential disruptions and in responding to actual threats, we are guided by four principles in order of importance:
    First, and most important, we must remember in all that we do to protect our financial infrastructure, that it is always about people. It is the people that make our financial institutions work, people that design the systems, people that make them successful, people that innovate to keep them fresh and dynamic, and it is people whom they are designed to serve; people who rely upon financial services for so many aspects of their daily lives.
    Second, because it is about people, it is about confidence. Our financial institutions operate on confidence, but they also promote confidence. In fact, confidence is what our financial institutions must provide; confidence that financial transactions will be carried out, that checks will clear, that bills will be paid, that investments will be made, that insurance promises will be kept. The confidence provided by financial institutions plays a big part in helping to cope with the trauma of disaster.
    Third, essential to that confidence is open markets. Financial institutions should be open for business, allowing Americans everywhere to engage in their business even during, or especially during, times of stress. It is important for financial institutions and markets to continue to operate as close to business as usual as possible.
    The fourth guiding principle is that we want to promote local decision making and problem solving both as we prepare for disruptions and as we weather them. The experts that are on the ground and in the field are in the best position to determine what steps should be taken to protect employees and customers. We will help where we can, where we need to, but we intend to leave the responsibility with the financial institutions and the regulators that are closest to the problems to find the solutions. Initiative and ingenuity are the most powerful tools to deal with any disruption, and we must give full room for their exercise.
    Impact of the power outage of August 14-15, 2003. The U.S. financial system handled the outage well. The bond market and major equities and futures markets were able to open the next day for business at their usual trading hours. Neither the Department of the Treasury nor any of our companion financial regulators received reports of lost data, significant failed transactions or other similar problems. Although there were isolated reports of telecommunications difficulties, the problems were minor and the participants resolved these problems during the day. Banks and credit unions also performed well.
    Although the impact of Hurricane Isabel was less significant in degree, it was quite similar in kind to the impact of the power outage. Both resulted in widespread disruptions of electric power and the businesses that depend on it. However, the storm did not adversely affect the financial markets.
    There are several reasons why the U.S. financial system fared so well. First and foremost, the men and women who work in the financial system did an extraordinary job. During the outage many stayed at their posts to ensure that their systems preserved and processed data from trading on Thursday and that their systems would be prepared to resume trading the next day, on Friday. Almost immediately after the power went out on Thursday, financial institutions began asking themselves not whether they would open for business the next day, but how they could best serve their customers' needs. This commitment to serve customers even in times of adversity is important. I wish to note that financial institutions decided on their own that they would open for business the next day. They did not wait for guidance from Washington.
    There are many other things that we learned in terms of problems that we need to resolve. Perhaps the most important is the way in which our financial services sector depends on several others. For that reason, I would say even though the U.S. financial system is more resilient today than it was a year ago, the men and women who work in the system help make it so and they are the ones continuing to work on the problem today.
    Our job is not finished. It is a big job. To paraphrase Winston Churchill, we are not at the end or even at the beginning of the end, but we might be nearing the end of the beginning. Americans and the world can rely with increasing confidence on the U.S. financial system. Thank you.
    Chairwoman KELLY. Thank you very much, Mr. Abernathy.
    [The prepared statement of Hon. Wayne A. Abernathy can be found on page 35 in the appendix.]
    Chairwoman KELLY. Mr. Olson.
STATEMENT OF HON. MARK W. OLSON, GOVERNOR, FEDERAL RESERVE SYSTEM
    Mr. OLSON. Thank you very much, Chairwoman Kelly. Thank you also for inviting us and thank you for holding this important hearing. My comments will be very similar to Wayne Abernathy's and very similar to the summary that you just went through with respect to the impact on the financial services industry. My focus will be from the vantage point of the Federal Reserve System and on the banking industry. And to repeat what you said, the markets remained calm and, by and large, the citizens remained calm. Disruptions were relatively minor, more so I think as a result of the power outage than the hurricane, so I am going to focus a little bit more on the power outage and a little less so on the impact of the hurricane.
    I think to start off, it is important to remind ourselves the fact that the disruptions were minor was not accidental. The banking industry has been faced with business disruptions over the course of its history and we had learned that business interruption is a fact of life of managing the financial services system. As a result of that, we make business continuity planning a very important part of our expectation for banking executives and we examine for the capacity and the capability of business continuity planning.
    Also, I think it is important to remember that the events, first of all of Y2K and then the tragedy around September 11, 2001, has introduced elements of risk exposure with respect to business continuity that have required that we elevate the level of our preparation.
    With specific focus on the power outage, as you recall, it occurred very late in the day on Thursday at about 4:11 or so, and the capital markets had closed, but very quickly the markets indicated that they would be open the following day, on Friday. As you probably know, banks are not allowed independent discretion as to whether or not to open during the normal banking day, but both the Comptroller of the Currency and many of the State bank commissioners very quickly allowed for closings should they be required. Our indication is that only perhaps a dozen banks in the entire impacted area closed, and that would be a dozen out of a universe in those States perhaps between 500 and 700 total institutions. So it was very small.
    The liquidity of the markets was relatively unimpacted. The Federal funds market was impacted slightly and there was some volatility and that had to do with the fact that the Federal funds market is the interbank borrowing/lending vehicle and many of those transactions do not settle until the end of the day. So those were about to settle about the time that the power outage occurred. And so while there was volatility, it was not significantly disruptive. Also the following day, on Friday, as a result of the carryover, there was some volatility also.
    From the consumers' point of view, the major impact was access to ATM machines. Some ATM machines remained open either because the branch had backup power or because the ATMs were on battery power. Consumers in general are not unused to experiencing some kind of disruptions with respect to access to ATMs. ATM machines are increasingly ubiquitous so it is not our perception that there were major problems. There are five separate Federal Reserve facilities in the area of the power outage. All of them had backup power from generators and all of them were fully functioning. As far as we know—and this is exactly what Wayne said—we are not aware of any financial records that were destroyed in the process.
    With respect to Hurricane Isabel, the major advantage in preparation was that it was well anticipated. And as a result, there was more extensive advance preparation, and that was evident. And key, of course, was the communication. In terms of the agency coordination, we could see evidence of coordination on three levels almost immediately from the vantage point of the Fed. There was communication immediately among the Fed institutions and also among the agencies, the FFIEC and then more broadly among the Federal Government agencies, so the coordination was very strong.
    Lessons learned: Probably the most important lesson learned from our perspective is that the best response is to be well prepared. It is a variation of a good offense is the best defense. But clearly as a result of the preparation, the anticipation of the reverse of what could go wrong helped limit the disruption.
    Point number two, communications was important. And you can quantify to an extent the value of good communications. The Treasury markets for example were open longer than the equity markets and the Treasury market dropped about 10 basis points. Long bonds dropped about 10 basis points almost immediately. As soon as the announcement was made that the outage was not a result of terrorist activity, the markets responded very quickly by returning to the pre-outage level. And that is a strong indication of the value of good communication. In addition to the announcement that the markets would open again on Friday, these two announcements went a long way I think in helping calm the general public.
    I think another important lesson learned is the need not just for an immediate backup facility, but the ability also to provide for what might happen if that backup facility is required to stay functioning for some period of time; for example, availability of a fuel source for institutions using generators.
    Chairwoman Kelly, we were very proud of the fact that within the Federal Reserve System a number of our employees came in on Thursday and Friday during the hurricane, many of whom stayed overnight. I would like to submit their names for the record and make it a permanent part of this hearing.
    [The following information can be found on page 84 in the appendix.]
    Chairwoman KELLY. So moved.
    Mr. OLSON. And that concludes my opening remarks, and I would be happy to answer any questions.
    [The prepared statement of Hon. Mark W. Olson can be found on page 65 in the appendix.]
    Chairwoman KELLY. By all means, do submit the names of the people who did spend many hours apparently sleeping on the floor or working all night long. If you will get that to my office, we will try to see that they get some recognition and thanks for what they did. It is imperative for the U.S. economy that the markets stay open and that the banks stay open, so I am delighted to be able to acknowledge their efforts.
    Thank you, Mr. Abernathy, for your testimony. I want to remind both you—both of you and the panelists for the next panel, I not only sit here on the Financial Services Committee, but I am also on the Transportation and Infrastructure Committee. And I was very interested in some of the testimony today that I was reading about the fact that there were some infrastructure problems here. I think we need to put our heads together and work to make sure it is just not the power grid going down that was the problem. From what I understand, there were issues like potable water and transportation issues with regard to getting fuel where it needed to go to keep the generators going, things like that.
    I would be very interested in working with both of you and with our next panelists on addressing specifically what went wrong to see if there is something I can do to help that situation from a transportation and infrastructure decision as well. So thank you very much.
    I just want to ask a few questions here of both of you. I would like to get a few details about your activities and those of the staff.
    Mr. Olson, you told us your staff was there. I would like each of you to tell me where you were when the August 14 blackout occurred. I am more interested in that because it was a sudden occurrence. We had a lot of preparation. We knew the hurricane was coming, so people could prepare for it. But with a blackout, that is a sudden act and equal to something that could be akin to a terrorist act. So to me, it is very important to know how this all worked.
    And I agree with you, Mr. Olson, in your statement. I believe in this instance with regard to the financial services of America, the Boy Scout motto is the best: Be prepared.
    With that in mind, tell me where you both were on the afternoon of August 14, and I would like to know whether or not you were able to be in communication with the other regulators and the private sector counterparts, what worked and what didn't work for you. If you could develop that for me, I would appreciate that.
    Mr. ABERNATHY. If I may begin, Ms. Kelly, it is very fortuitous that we had chosen that particular day ahead of time as an opportunity to test one of our backup facilities, and I was actually at one of the Treasury Department's backup facilities testing my ability to do my job from a location other than main Treasury when this additional test occurred. And one of the aspects of the test that made it very rewarding to us was that it presented a compound question: Can we not only operate from that backup facility, but can we operate in a crisis situation? And the answer is yes. I was able to do everything I could have done from my office in main Treasury at this backup facility. I was in constant communication with the other regulators. I was in regular communication with the financial services sector. I could contact the different regulators and ask them how are your markets doing, any disruptions, and I was very pleased that we were able to test both our ability to coordinate but also to coordinate from an unusual site.
    Chairwoman KELLY. For you, the systems that you had in place at that time worked as far as you could see?
    Mr. ABERNATHY. Yes.
    Chairwoman KELLY. Mr. Olson.
    Mr. OLSON. It occurred late afternoon on the Thursday. And in response to your comment about the Boy Scout motto, ''Be Prepared,'' I was fortunate that our resident Eagle Scout, Steve Malphrus, was available and he came into my office and indicated that there had been a power outage. As a result of some of the preparation that we had been through and as a result of the prioritizations that we had done previously, our first question was, are our people all right? That was the first that we have—as a result of the preparation we have done, that is—that is the first question we asked.
    Second question we asked, are the Fed facilities functioning? And we determined fairly quickly that they were functioning.
    I think priority number three was to focus on Fedwire. Fedwire is the large dollar payment system, and because of the fact for the most part the telecommunication system continued to work, Fedwire worked very well. We then initiated coordination with the other agencies. And as a result, we were able to learn fairly quickly that, for example, the OCC had given its pronouncement with respect to opening the following day. In terms of the priority, it was people, systems, facilities.
    Chairwoman KELLY. Thank you. Each of you spent a number of years dealing with disaster planning in the financial services sector. I would like to have you grade where we stand now and how far we have come.
    Let us start with how far you think we have come in terms of the grading scale. On a scale of zero to 10, with zero representing the most vulnerable and 10 representing the total fixing of the problem, the ideal, we had some vulnerabilities which may have gotten fixed over the Y2K problem, but I would be interested in your rating where we were and where we are now just on a scale of 1 to 10 to kind of give me an idea of what we need to do here.
    Mr. ABERNATHY. Well, I think that presupposes a level of precision beyond where we are, but let me try to address the question this way. We certainly have been building upon preparations that have been in place over a number of years, and this is not something that the financial services sector woke up to in 2001. As you have correctly pointed out, a lot of what we rely upon today began in preparation for the Y2K phenomenon. And that built upon other efforts that had already been in place. We have financial institutions recognizing a lot of their strength comes from their reliability, and the reliability depends on the ability to operate when there is a disruption.
    But each year has added to the ability to deal and cope with a new challenge. Each new challenge presents some new challenge that we didn't have before. I think what we have learned from the blackout was the more significant degree of interrelationship between the different infrastructures, as you pointed out, how communications and transportation, how water and other infrastructure tie into the ability of the financial infrastructure to operate and how they are interrelated. That is something we are probing now more than we did a few months ago, although we had been doing some of that up to that point. Probably the best I can do with regard to numbers, I would say we are much closer today to 10 than we are to zero.
    Chairwoman KELLY. Mr. Olson.
    Mr. OLSON. Let me just elaborate a little bit on that. First of all, I think that if you would have asked the question, for example, in 1999, the scale of 1 to 10 would have been—would have covered a limited range. Our understanding of the range of potential catastrophes is now much broader than it was then. We have a wider universe of potential issues.
    Let me give you one specific example. Prior to September 11, in most of the business continuity planning that was done in the banking industry around the country, the expectation was that people would be there. Now as a result of 9/11, we recognize that we now have to plan under the assumption that perhaps the people won't be.
    So I think we are still quantifying the extent to which we fully understand the risk exposures. I would say an 8 on a scale of 10 in terms of where we are now, because I think what we are doing better now than we had done before is that we have taken seriously all the planning and the need for additional testing and conducting some dry runs. I think Wayne Abernathy's experience, that he just described at Treasury, is typical of the way we are now managing that risk exposure.
    Chairwoman KELLY. Thank you.
    Mr. Olson, I just want to ask one question about another piece of your testimony. You said that most—there were many ATMs that were affected, but where they were located in banks and so forth, they were up and running. There are ATMs now in supermarkets, in little corner grocery stores, at a bodega, whatever. When the power went down I would have to assume that those were the ATMs that were affected, were they not?
    Mr. OLSON. Probably. If they didn't have some kind of a backup power facility, either a generator or battery, those probably would have been the ones affected. Even within the banking industry, there are some ATMs that do not have a generator backup facility or battery backup facility, but there are some kiosks, for example, where there are ATMs. So some of those might have been out also.
    Chairwoman KELLY. I am wondering if it would be a function that perhaps we should consider—perhaps you should consider. We certainly don't need a law, but as you say, be prepared. We should help the public be prepared. And I am wondering if we should ask the people who own ATM machines that did not have backup power to post a notification that in the event of a blackout the ATM will not work, so that people understand that they can't in a blackout go to those machines and expect them to work. I don't know how many lives that would affect, but it seems to me we should let people know what they got, because many people do rely on a regular basis on the ATM being available, and certainly people did try to get money from ATMs in places in New York City and in my district and they were not working. I don't know what you think of that. Maybe you would like to tell me.
    Mr. OLSON. I think it is an excellent question. And I would like to look into it and get back to you regarding what we have learned from that experience and the extent to which people were—the extent to which they were disadvantaged and the extent to which they were aware of alternatives and could access those alternatives. But we would be happy to follow up and get back to you on that.
    Chairwoman KELLY. My concern is if it is in fine print when you sign up to get an ATM card, you are not going to notice that. But if it is printed on a sticker that is on the machine somewhere that it will not function during a blackout, that is a good thing for all of us to know. I think it is a good thing for all of us to know.
    Mr. OLSON. There may be implications to that that aren't occurring to me at the moment, but we will look at that very carefully and be happy to respond.
    Chairwoman KELLY. There are two other questions I would like to ask and then we will go to Mr. Kanjorski.
    Mr. Abernathy, what impact did the move of the Treasury personnel to start the Homeland Security Department have on the Department's capabilities with regard to disaster planning and recovery?
    Mr. ABERNATHY. As you know, Madam Chairman, we are in the process of the Homeland Security Department getting on its feet. But already in its early stages, I think one of the benefits we had was in this question of interrelating one particular sector with another, so that as we were looking at the financial services sector and finding out why certain operations continued to operate, they told us, well, we can keep going for x number of hours but we are going to run out of fuel at some particular point. We can take that question then to the Homeland Security Council and say the financial system is working well, but we may need fuel oil to be able to power generators or diesel. And so we could go to them and, say, bring that problem and they can deal with it and understand the importance of it and have in place systems to deal with that. So I think it helped in the process of connecting the different sectors together.
    Chairwoman KELLY. Good. That was part of the effect that we hoped would happen.
    The other thing I would be interested in hearing is have you done any—just sort of prior simulations of a blackout in any—I mean, this was not a simulated blackout on August 14, but are there simulations that you have run? Did you run one in New York City? And this is for both of you. I am interested in what magnitude, if you did run simulations, what the magnitude was and whether or not that actual blackout experience we had met what the parameters were that you had set in place if you had run those simulations.
    Mr. ABERNATHY. We have participated in a number of simulations, some of which we sponsored, some of which have been sponsored by other agencies of the government. I don't recall that any of the ones that we participated in envisioned a blackout affecting 50 million people stretching from New York City to Detroit. I will say this, though, and I made the comment frequently afterwards to our staff and others as we looked at how we dealt with the crisis. We were able to deal with the problems related to the crisis not because we had practiced that particular simulation before, but because we had gone through a different number of simulation exercises, we had learned to deal with the unexpected and we learned how to communicate with one another and work through problems that we hadn't envisioned ahead of time. And that kind of exercise, the fact that we have gone through a number of different simulations, really paid off very well during the blackout.
    Chairwoman KELLY. I am sure probably what you had done went a long way to keeping consumer confidence in the market.
    Mr. Olson, do you want to answer that?
    Mr. OLSON. I could repeat exactly what Wayne said, but let me give you an example of how it worked in the financial services industry. When the tragedy of September 11 occurred and airplanes couldn't fly and there was a tremendous amount of disruption in the economy, what we discovered, what financial institutions discovered, is they went back to the business continuity planning that they had done for Y2K and took all of the disciplines from the Y2K preparation, and those disciplines were immediately effective for them on 9/11.
    And so that is a good example of how you plan for business disruption, but not necessarily for a specific one, but the planning has multiple benefits when you plan broadly.
    Chairwoman KELLY. Thank you very much. I want to again—I want to hold this report and tell you I read the draft report on this and I was very, very impressed with the ability that you had in place already before that blackout to hold things together, let the markets continue to function. Of course, we were lucky because it happened at the end of the trading day in some instances; but having that report, I think, should go a long way to a certain stability and people's expectations with regard to anything else if we have another blackout.
    I am going now to Mr. Kanjorski.
    Mr. KANJORSKI. Thank you Madam Chairman.
    Mr. Abernathy, you discussed the fact that the American Stock Exchange remained closed for most of the following day after the August blackout. How will the interagency paper finalized earlier this year and in the process of being implemented by the private sector help to ensure that similar events do not occur in the future as major financial entities work to establish their backup facilities required by this guidance? What are the most important issues for them to consider with respect to electricity, telecommunications, transportation and water resources?
    Mr. ABERNATHY. I think those are the key elements to look at. The purpose of the white paper—we didn't participate in the drafting of the white paper, although we are the consumers and commenters on it—that was a project of a number of the financial agencies themselves. But what we have learned from that and how it applied in the blackout is there are a number of things you can do to deal with the foreseeable, such as providing distance, providing training for personnel, making sure that you have not only facilities located in another place, making sure your backup system may not be exactly the same place as someone else's backup system is. One of the problems we discovered in 9/11, a lot of people had backup facilities, but they all had the same ones. They were sharing the same backup facilities.
    So one of the things we learned through the white paper is not only ask what are your backup facilities, but how much do they overlap with someone else's. And sometimes the backup is—requires a backup to the backup, and that is a case that we have in some of the financial institutions. We have a first set of backup facilities in place, but the backup to those are now coming on-line as well, which will further reinforce our ability to switch. The other thing is make sure you have the personnel available to run these facilities.
    And time, I guess, is the other factor, I would emphasize. Not only do you have the backup facility, but how quickly can it come on line. The more quickly you can bring your backup facility on line, the more quickly you can limit the damage from a disaster, and, particularly if it is a terrorist attack, the more you can take away the fruits of that terrorist attack that the terrorist is looking for. The terrorist is looking to disrupt our ability to engage in commerce. The more quickly you can bring your backup facilities on-line, you can deny that terrorist what he is trying to obtain.
    Mr. KANJORSKI. Is there any task force that has the Congress's participation in the white paper or the interagency paper in terms of whether we are getting there, whether we are covering everything? As I understand the interagency paper, it states that a facility must be located beyond 50 miles of Manhattan, and I suspect that that is in order to provide for a nuclear blast. In case the city was struck by a nuclear weapon, they would want to be more than 50 miles out of the territory.
    Mr. ABERNATHY. If I could make one comment, I think the 50 miles was in the original draft paper and since has been replaced with a more subjective requirement that you should have adequate distance or adequate time. The goal is you are able to get your system back up within certain time frames.
    Mr. KANJORSKI. Within 2 hours.
    Mr. ABERNATHY. Right. It may be that distance provides that. It may be in a financial institution you don't need the distance, you just need to have separate types of electronics or personnel.
    Mr. KANJORSKI. Is somebody putting guidance together? What happens if I am handling a large part of the trades on the markets and am 10 miles away but within the blast zone? Is that considered a backup facility?
    Mr. ABERNATHY. Those issues are the ones we wrestle with every day. And I would say the follow-up entity to carry out those recommendations would be the FBIIC, that on a regular basis compares notes with one another, encourages each particular financial agency to be working with their regulated entities to see how they are doing and implementing those guidelines that are put in place in the white paper; reviewing to what extent the guidelines that are in the white paper and other guidelines have become out of date due to new things we know as a result of the infrastructure as well as changing technologies.
    Mr. KANJORSKI. Well, the August blackout was very informative in terms of comparing that overlay with the original thinking in the interagency paper. If you look at it and making the assumption that the 50-mile radius is the intelligent radius to be away from your major facility, then you look at what happened to electricity and find out that about half of the zone that you could relocate in, that was in the same power grid. So obviously that wouldn't be a retreat area.
    And then the most significant part I think is the watershed. New York City is served with both the Hudson watershed and Delaware watershed. And in case of biological attack, it would seem to me if I were a terrorist, I would go way upstream and I would blank out a good half to two-thirds of acceptable area that backup facilities could be located in.
    Is somebody testing the judgments of the companies that are making the decision to put a continuity business facility in place, or are we relying totally on their judgment to do that?
    Mr. ABERNATHY. That is something in particular that Governor Olson can talk about. What we understand from the financial regulators, that kind of judgment is a constant source of discussion between the financial supervisors and the people they supervise. There is a discussion that continuously takes place in the examination process as well in the process of implementing and designing sources of resiliency.
    Mr. KANJORSKI. Governor, do you want to pass on that?
    Mr. OLSON. I will support what Wayne Abernathy said. As part of the supervision that we would do for financial institutions, as we would examine their business continuity planning. The FFIEC, the coordinating group, recently expanded the criteria that we use in our examination of business continuity planning from the banking industry. But you hit on the key ones. Environmental is certainly one. Infrastructure is certainly one. Availability of people is another one. And the impact, for example, of an evacuation would be another one that would be used. And since post-9/11, we have expanded the expectation.
    But there are two keys. First of all, and the most important one, is people. Are you allowing for the safety of the people? And point number two, it is the speed of recovery to get the systems back on track. So as Wayne Abernathy suggested, the idea of a specific mileage implication to it or criteria to it is less important than to be able to demonstrate the capability to respond.
    Mr. KANJORSKI. One of the areas I noted in watching the various plans is the lack of adequate infrastructure for telecommunications for relocation sites. Most of these institutions have to have merit data recording, which means they have to use fiber optics and they are restricted to the speed of light, so they are restricted as to how far out they can locate from Manhattan. And I think the parameter for most of the technology companies that I have talked to is about 125 miles from Manhattan. The problem that is occurring, however, is some areas that are viable for continuity of business relocation sites do not necessarily have in place the fiber optic systems to carry the transactional load that would be required for continuity of business backup.
    I guess my question to you is, are we going to do anything in the homeland security bill or appropriations to either assist utility companies or communication companies to lay that fiber optic, or is that going to be the sole burden of the companies that want to locate facilities?
    Mr. ABERNATHY. I can't really respond to what is in the appropriations bill with regard to telecommunications. That is not something——
    Mr. KANJORSKI. To my knowledge there is nothing.
    Mr. ABERNATHY. But I would like to emphasize, though, that you are exactly right that telecommunications plays an important role on how we run our financial services. Of all the other different systems that interact with the financial services, I would probably place telecommunications right at the top. And one of the things we are engaged in and looking at very carefully is how dependent we are, and how building up redundancies in the telecommunication system can be brought forward, keeping in mind how important that is.
    Mr. KANJORSKI. Even, Mr. Abernathy, getting an inventory of systems in place. Many companies refuse to disclose the locations or distances of their fiber optic systems. And it is difficult for someone to cite a continuity of business location, not knowing what the route is or the difficulty of the distance to the relocation site.
    All I am raising is that there is a need for a little more comprehensive activity on the part of Treasury, the Federal Reserve, and the other regulators that are involved to make sure that we get some redundancy and we get some cooperation between other Federal and State agencies with the private sector to make sure the infrastructure is available for companies to make the proper decision as to when they can locate, where they can locate, and how quickly they can be back up in business.
    Mr. ABERNATHY. I would say that interrelationship is the number one lesson we learned from the blackout, which is the interrelationship of all the different systems.
    Mr. KANJORSKI. Tell me we are moving very quickly and in 18 months we are going to have all those continuity of business locations.
    Mr. ABERNATHY. We are working very hard on it.
    Mr. KANJORSKI. If we want to work with someone at Treasury or the Federal Reserve, who should we be talking to?
    Mr. ABERNATHY. In the congressional office, John Duncan would be the person for Treasury.
    Mr. OLSON. In our case, Steve Malphrus, who happens to be here, but he is the communications point.
    Mr. KANJORSKI. He is the guru.
    Chairwoman KELLY. Thank you. I would like to simply say that representing the area that I do, which is 50 miles north of New York City and the entire lower third of New York City's drinking systems plus major manufacturing, IBM, huge number of things in my district, we have addressed some of these things. And I think Mr. Kanjorski's question about somewhere, even if it has to be kept at an above-secret level, there ought to be some kind of an inventory, that is not a bad question. But I do know that some of this has been addressed, because I also represent the Indian Point nuclear plants and we have looked at not only evacuations but some of these other questions that had been raised.
    I would hope that we can work with you both if you have needs with regard to infrastructure, so we can make sure we have what you need and we can work together.
    The Chair notes that some members may have additional questions for the panel. They may wish to submit them in writing. Without objection, the hearing record will remain open for members to submit questions and place responses in the record.
    This panel is excused with the committee's great appreciation for your time. Thank you very much.
    I would like to introduce our next panel. First is Ms. Rhonda MacLean, Private Sector Coordinator, Financial Services Critical Infrastructure Protection and Homeland Security issues, and the Director of Corporate Information Security at the Bank of America; Ms. Catherine Allen, CEO of BITS, at the Financial Services Roundtable; Mr. Donald Kittell—hope I pronounced that right—Executive Vice President of the Securities Industry Association; and Mr. Howard Schmidt, Vice President and Information Security Officer at eBay, and the former Chair of the President's Critical Infrastructure Protection Board. We thank you all.
    Chairwoman KELLY. And we will begin with you, Ms. MacLean.
STATEMENT OF RHONDA MACLEAN, PRIVATE SECTOR COORDINATOR, FINANCIAL SERVICES CRITICAL INFRASTRUCTURE PROTECTION AND HOMELAND SECURITY, AND DIRECTOR, CORPORATE INFORMATION SECURITY, BANK OF AMERICA
    Ms. MACLEAN. Thank you, Chairwoman Kelly and Representative Kanjorski, as well as members of the subcommittee for inviting me here today for this important hearing. I am honored to be here to speak on behalf of the financial services sector and my role as the Department of Treasury-appointed Private Sector Coordinator for Critical Infrastructure Protection. The financial sector chose to form a Financial Services Sector Coordinating Council with the public sector support and encouragement and with Treasury's leadership.
    I want to recognize Treasury Assistant Secretary Wayne Abernathy and Deputy Assistant Secretary Michael Dawson for their instrumental leadership in promoting and supporting our efforts for an effective public-private partnership. It has really served as a model for other sectors such as telecommunications and energy and the like. The council consists of 25 organizations that through their constituents represent the majority of the financial services sector. These organizations include key national exchanges; clearing organizations; trade associations in the banking, securities, bond, and insurance segments of our industry; and key professional institutes.
    Information provided in my written testimony identifies the members of our council and additionally includes a diagram depicting an extremely important aspect of why we believe our sector has such an effective and real public-private partnership at the sector level.
    As Mr. Abernathy indicated, the public sector has formed the Financial and Banking Information Infrastructure Committee, the FBIIC. And periodically both members of our council and the committee need to discuss and work together to address sector-wide issues and initiatives that focus on strengthening the resiliency of our sector.
    Our councils work on five strategic areas and I will briefly discuss each of those:
    First is information dissemination and information sharing. Our goal here is to provide a universal service for disseminating trusted and timely alert and warning information to all sector participants. We believe that this type of information sharing will continue to increase the general overall knowledge about physical and cybersecurity operational risks that face our sector. We have gone from approximately 70 financial institutions receiving this important information to now over 8,000 who are receiving this information today. This significant step forward in our goal was accomplished through the many council members leveraging their constituents' contacts to distribute the critical alerts. Our next generation ISAC will continue to improve on this information dissemination directly to the financial institutions themselves.
    The sector awareness and outreach activities we are implementing are a program for homeland security and information—critical infrastructure protection initiatives that include regional forums. The local and regional efforts are in most cases the front lines in the times of crisis and are an important element in the overall communications flow during the times of crisis coordination and crisis management.
    The council also has a research and development task group that is working with Treasury to determine priority for research and development needs of our sector.
    We have also been working on our Sector National Strategy to revise that document in response to the two national strategies President Bush released in February. This is our vehicle to really define tactical, actionable and measurable programming to direct and advance our sector-wide critical infrastructure and homeland security efforts for the resiliency of our sector.
    Lastly, the subject of this hearing has focused on the council's efforts around crisis and response management. When events occur with broad sector or national impact, a plan and adopted approach for sector-wide crisis management must exist, including coordination with government entities and other critical infrastructure sectors on which we depend. At a sector level the council uses a crisis communicator capability developed and supported by BITS that allows council members to convene in times of emergency. Timely communication and effective coordination is essential to ensure the financial sector maintains its resiliency and ensures public confidence. We have had numerous opportunities to trust our crisis management procedures at a local, regional, and sector level. If we examine the August blackout, which had larger geographic impact than Hurricane Isabel from a power outage perspective, we came through those events beautifully but also with the lessons learned as described before.
    As sector coordinator I was able to participate and receive information from numerous activities led by council associations, clearing corporations, and Treasury-led government teams. Additionally, because of the close working relationship developed among sector coordinators while working together on critical infrastructure protection initiatives, our sector received regular updates on restoration activities. In the case of the blackout, Mr. Michael Gant, sector coordinator for the electric power, provided regular updates and outage progress and really worked with us in our coordination effort. This level of direct communication was invaluable as efforts occurred to evaluate the situation and plan next steps.
    This past Thursday and Friday our council held its regular quarterly meeting in New York City where lessons learned were discussed by the council and FBIIC with the New York Office of Emergency Management. It was clear that the blackout allowed many organizations to apply crisis communication and management improvements post-9/11. The council members decided to work on identifying the various calls that now typically occur in times of crisis and will use the blackout experience as a case study. The sector-wide effort being undertaken by the council will seek to identify opportunities for improving sequencing of these calls and other options for better information flow and emergency communications. This effort will be coordinated with our public sector colleagues and other sectors upon which we have specific dependence.
    My two colleagues on this panel, whose leadership for our sector has been instrumental in the formation of the council and leadership within the council, will be speaking on some of the outstanding work their organizations have accomplished and specific lessons learned from both the blackout and Hurricane Isabel, together with recommendations.
    Ms. MACLEAN. In summary, Chairwoman Kelly and members of the committee, we believe that a strong public/private sector partnership is the primary reason for our success. The Government and the private sector's coordinating efforts during the recent power outage and storms demonstrated the preparedness work done by many organizations that have yielded very positive results. These efforts have helped to ensure our critical efforts are resilient and we are worthy of maintaining the public confidence.
    Thank you for your opportunity to testify.
    [The prepared statement of Rhonda MacLean can be found on page 57 in the appendix.]
    Chairwoman KELLY. Thank you, Ms. MacLean.
    Ms. Allen.
STATEMENT OF CATHERINE ALLEN, CEO, BITS, THE FINANCIAL SERVICES ROUNDTABLE
    Ms. ALLEN. Thank you, Chairwoman Kelly and Congressman Kanjorski and other members of the committee, for the opportunity to testify. I am Catherine Allen, CEO of BITS, a not-for-profit industry consortium of the 100 largest financial institutions in the U.S. BITS is the sister organization to The Financial Services Roundtable, and our mission is to serve the financial services industry where it interfaces between commerce, technology and financial services. We are not a lobbying organization.
    Our work is shared not only among our members but throughout the financial services sector, and you will see that in a minute. I experienced firsthand the outage. We were in Detroit at BITS meetings and experienced not having water, power, telephone and many of the other things, along with the CIOs and CTOs of a number of the financial institutions.
    Bottom line, the financial services industry and our customers fared well. Backup systems worked, ultimate communications systems were used, and there was no measurable impact on settlement and payments. There was excellent cooperation in communications among the financial services regulators, Treasury and the financial sectors.
    Three major reasons why I think the Nation's system fared so well were, first of all, preparation. As Mr. Olson said, the events of 9/11 and subsequent preparations by both the private and public sector helped us trust each other and helped us with our abilities to communicate, shift to backup systems and continue operations.
    A second thing was the early announcement that this was not a terrorist event, and I cannot reinforce how important that was. This helped to alleviate public concerns and made for orderly execution of business continuity processes.
    Thirdly was the diversity of communications. Again I personally can attest to how you use cell phones until they run out of juice and then you use Blackberrys and you save cell phones to communicate with others. Actually, throughout the event Assistant Secretary Wayne Abernathy and I were Blackberrying back and forth in preparation that BITS and the Roundtable held.
    There also were some critical lessons from the event. The power grid must and should be considered among the most vital critical infrastructures that needs investment to make sure it works. The cascading impact cannot be overstated.
    Secondly, water for cooling systems and personal hygiene is often controlled by electricity. People do not think about that, and that is what caused many organizations to close their offices or delay opening.
    Lastly, communications must be viewed as an integrated system. We must be able to use diverse communications and understand the vulnerabilities, address those vulnerabilities and make sure we have diversity and redundancy.
    Attached to our testimony is a wide variety of lessons learned from the outage and specific recommendations. We gathered these from what our members experienced during the outage.
    The most important lesson, however, that was learned was how interdependent the critical infrastructures were and also how fortunate we were that it was not a terrorist driven event or we had a cyber security event at the same time. We need to look strategically and holistically at the Nation's critical infrastructures and what can be done to enhance resiliency, reliability, redundancy and diversity.
    BITS has addressed a number of the interdependency issues and Congressman Kanjorski, you are right on about your points about the telecommunications industry. That has been our most important effort this past year, the understanding of the inventory and what they had and how we would know whether they had backup offices.
    BITS has led an effort on behalf of the financial sector in assessing telecommunications vulnerabilities and enhancing recovery. We have worked with the National Communication System, the NCS, of the DHS, who are helping us, and I can say there is unparalleled cooperation going on right now between the telecom and financial sectors. The results have included a detailed and confidential assessment of the interdependencies in these routes that you were mentioning in a specific geographic area and we are looking at how we replicate that through other areas.
    Best practices in telecommunications and financial procurement policies, pilots to model the costs of attaining greater diversity and redundancy, adoption by our CEOs of the NRICK best practices in physical and cyber security and obviously education in both sectors. There are many other things that we have done in the crisis management area.
    I will point out two areas that also relate to this, and that is the IT service providers. There is a press release accompanying this hearing that talks about the BITS framework for managing technology risk. We must look at our IT service providers and our vendors as closely as we look at ourselves and we have to make sure that we manage the risk—our risk management strategies are in place in working with them.
    Secondly is the area of software security. We have worked on a BITS product certification program where we test software products against security criteria the industry developed.
    Again a press release accompanies this hearing, talking about the development of a user driven coalition to address the issues of software development, as well as the patch management process. We urge the committee to consider all aspects of critical infrastructure, the software and operating systems, the service providers, the critical infrastructure industries and the practices of firms, industries and Government in addressing not only these power outages but future disasters and related events.
    I will end with the five key recommendations that we have with the committee. One is to invest in the power grid because of its critical and cascading impact; in fact, investment in a number of the critical infrastructures, such as power, telecommunications, and transportation, their incentives, such as tax credits, credits for investment, R&D investment and direct Government investment.
    Number two, announce early whether an event is terrorist related, or not. I cannot tell you how critical this was to our maintenance of our crisis management procedures and communications.
    Three, establish improved coordination committee procedures across the critical infrastructures, specifically with the Federal, State and local government.
    Number four, recognize that the financial sector is driven by its trusted reputation as well as regulatory requirements. Not all other sectors are the same way, and we need to look at this again holistically.
    And lastly and most importantly, recognize and review the dependence of all critical infrastructures on software operating systems and the Internet. A cyber attack of some kind which impacts communications, SCADA systems and first responder systems would put us at terrible risk. Compounding the problem is the lack of security software development processes and a current inefficient software patch process that not only cost us millions but put us at greater risk.
    It is an alarming issue and critical to the Nation's infrastructure. A clear understanding of the role of software operating systems and the higher duty of care, particularly when serving the Nation's critical infrastructures needs to be explored.
    Again, thank you for this opportunity, and I will look forward to answering questions.
    [The prepared statement of Catherine Allen can be found on page 42 in the appendix.]
    Chairwoman KELLY. Thank you very much.
    Mr. Kittell, please.
STATEMENT OF DONALD D. KITTELL, EXECUTIVE VICE PRESIDENT, SECURITIES INDUSTRY ASSOCIATION
    Mr. KITTELL. Thank you, Chairwoman Kelly and Congressman Kanjorski.
    I am Donald Kittell, Executive Vice President of the Securities Industry Association.
    Since 9/11 the security industry has invested a great deal of time and resources in business continuity plans. The opening of the market following the blackout I think was clear proof that those plans were viable, at least in the event of a blackout occurring at about 4:30 on a Thursday afternoon. I would particularly highlight the support we received from New York City, as well as from State, Federal and regulatory bodies during the event.
    Early assurances that this was not a terrorist act were very important, and after 9/11, dealing with the blackout was a refreshingly easy problem. When street power was lost, there was essentially a seamless transition to backup power among all the firms and the exchanges. The Securities Industry Automation Corporation, or SIAC, processes for the New York Stock Exchange, the American Stock Exchange, the National Market Systems, Depository Trust, Fixed Income Clearing and other organizations. Those sites were protected by battery backup combined with backup generators, and there were no interruptions in processing and no loss of data.
    Similarly, SIAC's safety system, which was installed subsequent to 9/11 to provide alternative telecommunications connectivity between securities firms and the infrastructure exchanges, operated throughout the blackout without difficulty.
    Depository Trust activated both its remote sites and its remote operating locations, both of which were developed following 9/11, so they were actually operating their data center in New York from a remote operating center successfully.
    The American Stock Exchange, which we talked about earlier, was able to activate backup generators for its building and trade systems but not its cooling systems because of a shutdown of ConEd steam power. The AmEx obtained emergency steam generation power later on Friday and was able to open and perform an orderly close at the end of the day.
    But I would like to come back to Congressman Kanjorski's question about the AmEx if we have time later.
    Some securities firms relocated to backup sites, others operated under both backup and main primary sites, but essentially all firms were able to operate following the blackout.
    SIA's command center was activated within minutes of the blackout and conducted conference calls throughout Thursday night, the following Friday, and into the weekend, and these calls were integrated with those of the regulators and other industry organizations.
    SIA has maintained a seat at the New York City Office of Emergency Management since the Y2K days, and that was invaluable; in fact, it was the OEM that arranged the backup steam for the AmEx, as well as arranging for delivery of fuel to backup generator sites.
    We believe there is value to adding other people to our network of calls, primarily in the telecommunications area, but also with data vendors and service bureaus, and we are working to accomplish this. I think the main thing we have learned with these calls is that it is not so much the preparation and structuring of them but just the flexibility we have of being able to talk to each other when an event occurs.
    There were some infrastructure issues. The two worst problems were loss of communications and transportation. The cell phone service degraded pretty rapidly once the backup battery power was over and some of the land line switches in Brooklyn and mid-town Manhattan were disabled. Instances were identified where fuel delivery trucks could not be reloaded because of, again, pumps that did not have backup power.
    Transportation systems were immobilized, and many employees were stranded. Actually, this was a good thing from the standpoint of opening the markets but not so good for the people involved. Ferries continued to operate but they were overwhelmed by the number of riders. As a result, many firms are reconsidering plans to keep critical employees on-site as well as shutting down their operations and sending people home.
    Vis-a-vis Hurricane Isabel, the New York City OEM was our primary source of information, and fortunately we were able to avoid any major challenge there, but we are very cognizant of the risk we run in Lower Manhattan of a hurricane. We were fortunate that both the blackout occurred when it did and that the hurricane did not impact New York in a significant way.
    The blackout occurred after trading hours in daylight, on a Thursday of the week. It is just about the best time we could order up a blackout. We would have faced very significant challenges if it had occurred during trading hours or if it had occurred early in the morning before the work force actually was able to get into the city.
    With respect to the hurricane, we are well-aware of the potential flood damage in downtown Manhattan. Again, New York City OEM would be our key guidance there as far as evacuation is concerned, so although the early reports and preparation were fine, I think we are very cognizant of the fact that a hurricane with a direct hit in New York would present much more serious problems than what we had with the blackout.
    Since 9/11, the industry, in partnership with Federal, State and city emergency management associations, regulatory agencies, service providers, has improved its resiliency. We are proud of the progress to date. We continue to address vulnerabilities in the future.
    Thank you, Congresswoman Kelly.
    [The prepared statement of Donald D. Kittell can be found on page 52 in the appendix.]
    Chairwoman KELLY. Thank you very much.
    Now, we turn to you, Mr. Schmidt.
STATEMENT OF HOWARD A. SCHMIDT, VICE PRESIDENT AND INFORMATION SECURITY OFFICER, eBAY, INC., AND FORMER CHAIR OF THE PRESIDENT'S CRITICAL INFRASTRUCTURE PROTECTION BOARD
    Mr. SCHMIDT. Thank you very much, Chairwoman Kelly, members of the committee. My name is Howard Schmidt. I am the Vice President and Chief Information Security Officer for eBay, where I lead a team that is responsible for the security, trustworthiness and availability of the services that bring so many global citizens together each day.
    Today I come to you more as an individual, primarily, who has had the privilege of working with many committed individuals in the private sector, law enforcement and government to forge a collaboration and cooperation to essentially safeguard the sort of resources we need through cyberspace and we have seen protected as a result of the blackout.
    I had the privilege of assisting in the formation of some of the first collaborative efforts in this arena and led the creation of the Information Technology Information Sharing and Analysis Center, or the IT-ISAC, and now I am serving as the first President. This was in the aftermath of PDD-63.
    Later I was appointed by President Bush to serve with Richard Clarke running the President's Critical Infrastructure Protection Board, in which many of the issues we are talking about here today were part of the key issues we were looking at as we put together the National Strategy to Defend Cyberspace, and that national strategy, I might add, was a combination of work done by BITS, the Financial Services ISAC, many of the Federal Government agencies, as well as the Congress and many of the private citizens across the United States.
    But I want to talk for a moment about the successes that the financial services community had that enabled us to continue business during the blackout and the recent hurricane. It served to deepen our appreciation of the interdependencies between the Internet and the critical infrastructure and those pieces of commerce that we depend on, as many saw the perfect storm of the convergence of two Internet worms that were occurring at the same time the blackout was taking place, but also, as the Congressman pointed out, between the power and telecommunications infrastructure. We were also reminded that much of the work that we did in the preparation of the cyber security plan also gave us the resiliency and the ability to protect ourselves because those same plans in a cyber attack were the same plans we needed to put in place to minimize the effect of the blackout we saw.
    One of the things that has helped reduce the impact of this event as well as others is the ability to share information across sectors and across competitor lines. It was particularly rewarding to see many companies, strong competitors in the marketplace, share information about backup strategies, share information about disaster recovery sites. So we can indeed enjoy the benefits of the services they provide us on a day-to-day basis.
    As a matter of fact, during the summer events for the blackout, we saw for the on-line industry approximately a 10 to 15 percent reduction of activity during the power outage itself, but that was primarily related to the fact that many citizens who would use the Internet could not even log on to be able to conduct some of the transactions, but in doing so, one of the resources we turned to was the financial impact report by various industries, and looking at this, it cited in the report the credit card and sales authorizations, which is one of the main focuses we looked at with eBay, for online sales would lose $2.6 million an hour if they were unable to conduct their transactions, and even home shopping was estimated to have losses of $113,000 per hour if the system was not available.
    There is much we can do to prepare for these sort of events, and once again I cite the interrelationship between cyber attacks on our infrastructure or the critical events we have seen this summer.
    In this case, the Internet connects about 170 million computers and an estimated 680 million users. There is an estimated growth rate going to 904 million by the end of 2004, and you can see eBay is a prime example of how deeply ingrained the Internet is to American life and the dependency we have on the power of the telecommunications systems to bring these buyers and sellers together.
    More fundamentally, and I think this is pretty important to understand this, by our location in the backup strategies and the redundancy that we have in the overall infrastructure system, the stores stayed open during the crisis times where physical stores were incapable of opening at that point.
    I want to also point out that some of the emerging solutions we have are some of the issues around the United States Computer Emergency Response Team, which has just now been appointed up in Carnegie Mellon University by the Department of Homeland Security.
    By bringing the sector coordinators such as Rhonda MacLean, the Information Sharing Analysis Centers, by participation of many of those folks and the work done in PDD-63 with the Department of Treasury, Department of Homeland Security, we can then continue to move forward and make sure that those disruptions we have seen indeed have minimal impact on our ability to transact business online and particularly in the financial sector.
    In closing, I just want to comment on the fact that one of the, I think, keystone milestones that we are seeing coming forth is in the first part of December the Department of Homeland Security, in conjunction with many of the folks that you have heard from my colleagues here today are putting on a National Cyber Security Summit out on the West Coast, and this summit will be cohosted by private sector organizations, the Department of Homeland Security, Department of Treasury, and we intend to as a result of that put together a task force which will continue to evolve in a position where the power blackouts, the effects of the hurricane will have less of an effect on the infrastructure we depend on, both telecommunications and the power blackout, and we will continue to work on these plans going forward and working with your committee to make sure that we serve the American public as well as the private sector interests of the country, with which we are both very much in tune.
    Chairwoman Kelly, this concludes my remarks and I welcome any questions that you have.
    [The prepared statement of Howard A. Schmidt can be found on page 76 in the appendix.]
    Chairwoman KELLY. Thank you very much, Mr. Schmidt.
    Can you tell us the date of that?
    You just said that you are going to have the Cyber Security Summit, but you didn't, I believe, mention the date. Even if you did, let's emphasize it.
    Mr. SCHMIDT. I did not. It is in my written testimony. It is December 3rd, and the venue is still being worked on by DHS, and I understand Secretary Ridge is also having a personal hand in putting this very, very valuable summit together.
    Chairwoman KELLY. Yes, I am sure it will be valuable.
    We have been talking about a number of problems with IT software, as well as the hardware, and I am hopeful that both of those will be addressed at that summit?
    Mr. SCHMIDT. Yes. As a matter of fact, they are. There are two specific task forces looking at quality control and engineering, and taking the efforts that many of the software companies and hardware companies have really turned their business models around to focus on security and availability; as a matter of fact, to the displacement of some of the feature issues that we are going to have a complete task force work with those issues to make sure that that gets accelerated.
    Chairwoman KELLY. Given your White House background, I would like to know how the financial sector would have handled the power outage in August differently had it been the result of a terrorist attack or if it had been a particular terrorist attack on a cyber section.
    Mr. SCHMIDT. I think that is one of the interesting points, as I tried to point out during my testimony, that many of the resources and many of the programs that we put in place relative to the aftermath of September 11 and actually going back even to PDD-63 were the same things we needed to do for disaster recovery of business continuity, so therefore had we not had the focus we had over the past 5 years I think it would have been a different story. So whether it is a terrorist attack, a cyber attack, I think the steps the financial sector took in preparation of this are the right steps and they continue to move in the direction to even make this more valuable.
    Chairwoman KELLY. Thank you.
    I would like to ask Ms. MacLean, what was, for your group and for you possibly and your sector, what was the biggest surprise that you found during the blackout, a problem or something that worked that you didn't think was going to work?
    Ms. MACLEAN. I think the biggest—well, it was no surprise that it worked, and that only came because of the amount of testing and focus this particular area, business continuity and resiliency, has on our sector in general.
    I think the biggest surprise for me was in actually setting on some of the telecoms the issue of dealing with some of the personal inconveniences for people, such as the sanitation systems being dependent on the electric power, and I know in our case and some of the New York buildings being on a very tall floor was a very inconvenient process, and so making sure that we had good sanitary conditions, together with getting food in to people who had stayed through the night and through the days following the blackout, to make sure everything was operational I think was the key thing that—and also making sure we had enough flashlights, because that is another area where you may have backup resiliency but you really do not have enough to power lighting, and so you need to have other kinds of capabilities there on hand.
    So it is the people issue again that I think continues to have additional focus in many of our institutions.
    Chairwoman KELLY. What do you think should be done with regard to battery backup? I understand that there were places that had battery backup but then after a while the battery simply expired.
    Ms. MACLEAN. Well, for the systems to maintain operational—I mean, that runs on large generators, that provided adequate backup. I think the smaller battery backup just for a small area I think is where it gets a little bit more complicated and I think we need to look at what are some of the alternatives. Again, I think it is more of a people issue rather than it is the system. The systems are going to be run through the large generators, which seemed to have adequacy.
    Chairwoman KELLY. I am interested in the mix that we have been talking about, this interrelationship, and you pointed out sanitary systems on the upper floors weren't exactly working, and Mr. Kanjorski brought up the fact that there were some problems that possibly could have been some problems with regard to drinking water.
    Your sector—or any of you, let me address this to all of you: Are you planning to try to work with the third parties that control these systems to try to put something in place fairly soon or do you feel that is just the way it is going to be?
    Ms. MACLEAN. Well, let me take a cut at that answer. I think the sector coordinators, there is a sector coordinator for water and power, for emergency, I mentioned Mr. Michael Gant. There is also a telecommunications sector coordinator, and we do meet on a regular basis and this is the focus of a lot of our talk in discussions and looking at what are the initiatives we need to have cross-sector to make sure that we are working together.
    The interdependencies is what is at—is the main point that we need to get at, and I understand those intersections of interdependencies, and make sure we have adequate plans in place to address those things.
    Mr. KITTELL. Our best work there is with the New York City Office of Emergency Management, where we get more results with the OEM talking to the water companies than we do talking with the water companies directly. Same thing with telecom in an event like this. So that problem is identified on our list of things that we are chasing down.
    Chairwoman KELLY. That is good to hear. I suspect we in the New York area have had—obviously, we have had a little more experience in some other areas in dealing with this, but I just still do not think we have it put together. I think it is very important that these integrations of systems be worked on and be made to work.
    I have other questions. I will submit some of them in writing, but in the interest of time I am going to go to Mr. Kanjorski.
    Mr. KANJORSKI. I thank Ms. Kelly.
    Ms. MacLean and Mr. Kittell, one of the most important aspects of disaster recovery planning for very large financial entities and for clearinghouses concerns the maintenance of a synchronized realtime redundancy.
    As I understand, to address this issue many firms currently rely on annual descriptions to the disaster recovery systems, be it known as SunGard and IBM Global Services, but when a disaster strikes at these first, first in line in receiving assistance, they may not be first to receive help.
    What will happen to our markets if all of the disaster space is taken? What could financial firms do to prepare for such contingencies?
    Mr. KITTELL. Well, I think we had that situation with 9/11, Congressman. The backup sites at the companies you mentioned were swamped with all of the firms that were affected by 9/11 and they did, I would say, a very good job of not only using their preplanned space but also giving up their own offices and data centers for use by the firms that needed it.
    There was also a tremendous—as you know, there was a tremendous voluntary effort on the part of other firms in the industry, offering desk space and data center space, and so on, in a cooperative way across the industry, so I think we have already had that event. I think as a result of the event the capacity in those backup organizations has been increased, and, you know, depending on the nature of the event to come, we are certainly in much better shape than we were pre-9/11. Whether we could defend against some of the scenarios that people talk about is obviously an open question.
    Mr. KANJORSKI. Do you want to respond along that line?
    Ms. MACLEAN. Well, I think Don Kittell has really done a good job of articulating. The 9/11 really did—at the end of the day, we did work very, very well, even though we did reach capacity. As a result, though, also, you mentioned the interagency white paper that has been published. Institutions are required to look at those recommendations in that white paper and are in the process of implementing and assessing their programs against that, the recommendations made in the interagency white paper.
    As we go forward, the focus is really to continuously improve and assess your capabilities and ensure that you can meet those 2 and 4-hour guidelines, and I think that is where the real question comes in, is the innovativeness and the different capabilities that we can bring to bear to meet those time lines, and that is where the focus is today.
    Ms. ALLEN. Yes, I might just address that, too, because we have done work in the outsourcer area, we have viewed them as third parties, and that is part of what this framework that we developed for the industry was, to look at present best practices that financial institutions need to require of their third-party providers.
    We actually are having a meeting on this, a conference on this, on outsourcing, on November 6 and 7, and, again, it focused on preparedness, on the requirements, so that outsourcers meet the same level of standards that we require internally and to look at where the gaps are, so that we make sure that we have enough capacity in the outsourcing industry to handle it if we have a major disaster.
    Mr. KANJORSKI. Does that create some unfair competition, if some companies respond by doing the job in accordance with the white paper and others decide to take the chance not to do it? If a disaster doesn't occur, the latter group gets a competitive advantage. Of course, if the disaster does occur, the former group gets a competitive advantage. And if someone looked at whether or not there was a need for compulsion as opposed to voluntarism?
    Ms. ALLEN. That is my point. The point about the financial institutions is that we are all regulated. We all have certain levels of regulation or compliance that we must meet, but we oftentimes compete with nonfinancial institutions who do not have to meet the same regulatory oversight or liability or business compliance requirements that we do, and it is one of our reasons we focus on outsourcers, to make them meet the same requirements, but they aren't really regulated. It is only at our request or our demands that they meet that.
    Other critical infrastructure facilities that we rely on, we totally rely on in some cases, do not have the same regulatory oversight or do not have the same kind of requirements that we do. So that makes it difficult. The interagency white paper is a good example of requiring us to come back up in a certain time period. We can do what we can internal to our walls, but when we are dependent upon the telecommunications or the power industry, we cannot always be sure that they will be there.
    Mr. KITTELL. I would comment on that. I do not think firms look at this as a competitive issue the degree to which they build resilient facilities.
    The issue that is debated is what events do you defend against and which ones have a high enough probability that will result in the investment paying off, and that is the debate that takes place between firms individually and with the regulators, whether it is the Fed or the SEC or the Treasury.
    What events have I agreed to defend against and how have I defended against them, and there are some scenarios that some firms freely admit they are not pretending to defend against, but I think that is the primary debate. What do you defend against and what do you not? It is not a question of competitiveness, one way or the other.
    Mr. KANJORSKI. Thank you very much, Ms. Kelly.
    Chairwoman KELLY. Thank you.
    Ms. Allen, I would like to go back and ask you a question about the outsourcing problem that you raised.
    We talk about cost/benefit, and my next question is going to be to this panel on cost about all of this, but one of the reasons we see an increase in outsourcing in a number of areas is it does cost less.
    From what you now know, do you believe that there is a Federal regulatory position that we should be thinking about taking, with regard to people who do affect our financial structures who are in an outsourced position and perhaps not on the shores of the United States of America?
    Ms. ALLEN. I would have to come back with an answer on whether you should take a regulatory perspective. I will say that that is a target. The idea of having industry marks and best practices and requirements of outsourcers, whether they are inside our territory or whether they are in India, China, or other places, our financial institutions are requiring the same level of standards of those two types of outsourcing entities, and I think that it is important that a number of the regulators will go into major outsourcers, providers that provide the majority of services to the financial institutions, and actually will examine them. It is on a limited basis, but it also is helpful in making sure those outsourcers know they are going to be looked at in terms of their capabilities.
    I would have to come back to you on the regulatory part of it.
    Chairwoman KELLY. When you said that you require the same level of standards, we have been talking about the fact that we here in the United States, while we do have a lot of standards, some of our standards were deeply affected by the availability of power, water, and so forth.
    Are those levels required of outsourced?
    Ms. ALLEN. Again, we are asking in the framework, and we also are ready to launch a major, what I call, security assessment, it is a matrix. It is standardized, whether it is a financial institution or a consultant or auditing firm goes in and looks at an outsourcer, it is the same questions, again whether they are located in the U.S. or outside the U.S., their dependency on power, on telecommunications, having backup systems, making sure they can get people to their sites. So we are viewing them just the same as having our own backup system 50 miles away or 200 miles away. If it is 2,000 or 20 miles away, it is the same way looking at that outsource capability.
    Chairwoman KELLY. Thank you very much.
    I want to go back and ask you all the same question: Has there been a study, do you have any idea what the cost is, with regard to planning, putting in place the things that we need to make sure that the systems, the financial systems in America stay up and running despite any kind of a disaster?
    All of the disaster planning we have done has cost money. Your conferences cost money, and this money is currently coming from the private sector, so we in the Government really, I do not think, have a handle on it.
    Do any of you have a handle on it and can you tell us what the costs look like, and I am going to start with you, Ms. MacLean.
    Ms. MACLEAN. Well, there has been a number of different studies that you can—the Gardiner Group I know has done some marking between different institutions where you can get some comparison data about what the investment is with large organizations or medium organizations who are looking at their business continuity and business preparedness. So there is some independent individual studies for the purpose of marking.
    I am not aware, maybe some of my colleagues here are aware, of an overall study that quotes would be a good source of something, but that is something we surely could look into and make available to you and to your staff.
    Chairwoman KELLY. I am just wondering about the insurance industry. For instance, they said that the cost of the blackout could be estimated in several billion dollars from what I understand.
    I want to know if there has been any objective look at the losses in that sector alone, let alone all the things we have put together. So perhaps we could take a look at that.
    Ms. Allen, would you like to respond to that?
    Ms. ALLEN. There are isolated studies, again the Gardiner study, we ourselves are dimensioning the costs to our industry of patch management, what it costs to go back in for the Slammer, for the SoBig to fix that, so we have a handle on how big this issue is.
    We could come back to you, and I will give you some isolated studies that I have seen on the cost of business continuity, cost of requirements to be able to have the kind of physical security you need.
    We are working with the telecommunications industry right now to dimension the cost to provide the level of diversity and redundancy that they now provide to the FAA and if we were to provide that to financial institutions. There aren't numbers on that yet, but we will be happy to share that once we know it.
    Chairwoman KELLY. Mr. Kittell?
    Mr. KITTELL. Yes.
    The SIA did a cost study of the Y2K conversion at something in the neighborhood of $5 billion over 3 years. We did a similar kind of study for the conversion of decimals, which was about $2 billion over 2 years, or so.
    We also did a cost estimate of moving from T+3 settlement to T+1 settlement, of about $8 billion over about a 4 or 5-year period.
    These numbers are very gross. They will take into account IT and other budgets that are addressing lots of other things besides the specific projects that we talked about, because they get into fundamental infrastructure capacity.
    It is very hard to isolate one number from another. We have not done a number on business continuity planning over the last 2 or 3 years, but depending on who is calculating and what objective they are trying to reach, I would say you would see numbers comparable to maybe the decimal conversion or Y2K.
    Chairwoman KELLY. Thank you.
    Mr. Schmidt.
    Mr. SCHMIDT. Yeah, I do not know of a comprehensive study, but some of the university relationships I have had, I am going to go back and ask them to start working on one and ask them to prepare for that. But this Eagle Rock Alliance out of New Jersey has done an hourly breakdown on what the losses might be, and I found that particularly interesting on some of the data points they have got, but the whole issue of the availability, part of the service level agreements that many of us are now doing—and I believe Catherine mentioned it—with our outsourcing partners, that basically we are not only having that as part of the contractual agreement but we are also engaging with other companies to do an audit to make sure they can deliver on that. So it is having a cascading effect on some of the smaller partners out there, which then gives us a better availability later on to say yes, we can deliver within that 2 to 4-hour time frame.
    Chairwoman KELLY. Thank you. Would this panel have any final recommendations for this committee with regard to the issue we are addressing today?
    Ms. ALLEN. I would just like to commend Congress for passing the Defense Production Act with the definition of critical infrastructure industries included in that. I think that was a great step forward for us in prioritization of services.
    Mr. KITTELL. I would say it is appropriate from our point of view from a legislative and a regulatory point of view to ask firms to address the risks that they identify, for example, in the outsourcing question earlier, that it is reasonable to take some sort of regulatory action vis-a-vis have you considered the complications of outsourcing and what have you done with it, as opposed to trying to write—which I think would be very difficult—write some sort of regulatory scheme around standards or principles or the way things need to be done, because each firm really has unique resources to play with, unique solutions to defend against these issues.
    Chairwoman KELLY. My inclination is to agree with you. Before I came to Congress I noticed that every time Congress wrote a law it seemed to sort of foul things up a little bit. So maybe we can stay out of that and the industry can deal with it. Certainly it seems as though you have been dealing with it very well.
    Mr. Schmidt, our final comment here.
    Mr. SCHMIDT. Yes, thank you.
    My recommendation would be for the committee to do as it has been doing, maintain the dialogue with those of us in the private sector that are the owners and operators of this, and I thank you for your leadership and the Congressman for his leadership in making sure that we, indeed, keep it to where the private sector can effect the changes without imposing regulations that probably do not work.
    Chairwoman KELLY. Good, thank you.
    This committee thanks all of you for staying here for such a long period of time. I appreciate it very much, and the Chair notes that some members may have additional questions for the panel. They may wish to submit them in writing. So without objection, the hearing record will remain open for 30 days for members to submit the written questions to these witnesses and place their responses in the record.
    This second panel is excused, with our great thanks and appreciation for your time.
    I want to briefly thank all the members and the staff for the assistance that they have given us in making this hearing possible.
    This hearing is adjourned.
    [Whereupon, at 3:52 p.m., the subcommittee was adjourned.]