LOS ANGELES - Anthrax. SARS. Cyber attacks. Computer viruses. Biological and chemical weapons. Terrorism. Those are among the many threats today facing the financial sector - including credit unions - according to government officials who conducted an all day program here Oct. 17 on "Protecting the Financial Sector-A Public and Private Partnership." The program was one in a series being conducted around the United States to encourage the financial industry to take steps to protect itself. Speakers stressed the need for contingency and business continuity planning, to upgrade existing plans and for the financial industry to work with the government. "We all need to be prepared should other attacks occur and protecting the financial sector requires a joint effort, a partnership between the government and the private sector," said Michael J. Zamorski of the Federal Deposit Insurance Corporation, which is hosting the programs. Calling the financial services infrastructure the "lifeblood of the economy," Zamorski cited warnings from the Office of Homeland Security that the industry could be an ideal "soft" target for al-Qaida or other terrorists seeking to "create instability in the U.S. economy." "The war on terrorism continues and the United States needs to be vigilant and prepared for additional attacks against our homeland," said Zamorski, director of the FDIC's division of supervision and consumer protection. "It is clear that financial firms need to be on guard against all kinds of threats." An audience of approximately 300 people attended the session at the Ronald Reagan Building in downtown Los Angeles. A similar program was held the previous day in northern California. Among the speakers were representatives from the FDIC, Treasury Department, FBI, Secret Service, Office of Homeland Security and California Office of Emergency Services and the governor's office of homeland security. Presentations included explanations about both the private sector, under the Financial and Banking Information Infrastructure Committee (FBIIC), and the public sector, under the Financial Services Sector Coordinating Council for Critical Infrastructure Protection and Homeland Security (FSSCC). FBIIC is composed of state and federal financial regulators, including the National Credit Union Administration, the Federal Reserve Board and the Securities and Exchange Commission, as well as a representative from Homeland Security. A key goal of the agency is to improve coordination and communication among financial regulators. FSSCC is composed primarily of trade organizations and associations, including the Credit Union National Association (CUNA) and the National Association of Federal Credit Unions (NAFCU). "We're together in this," said Ron Shults, vice president and director of security for Guaranty Financial Services. "It's not just the public sector addressing this. It's not just the private sector. We're together in this as we go forward with addressing our infrastructure and maintaining the financial services systems as we go through future incidents, crises and challenges in our country. "If you're going to survive over the next decade and over the next 50 years as a financial institution or a financial services industry entity, you're going to have to be involved in protecting the infrastructure that we have," he added. Within the 25 or so members of the FSSCC is the Financial Services Sector Information Sharing and Analysis Center (FS/ISAC). Among its goal is to issue cyber and physical security risk information and alerts to its members. Officials said FS/ISAC today is composed of 70 financial services firms who pay a membership fee to belong. Plans call for the "next generation" FS/ISAC to be implemented by Dec. 1, which will offer a tiered membership structure - from no cost membership that will provide urgent and crisis alerts all the way up to a full-service premier membership for $10,000 annually. The restructuring of FS/ISAC "will become `the' information sharing and dissemination facility for the financial sector," predicted speaker Brian Tishuk, deputy director for the office of critical infrastructure protection and compliance policy with the Treasury Department. Shults said that having the ability to receive critical alerts on a timely basis "is absolutely essential to our survival." He predicted the tiered system would attract numerous large and small financial institutions nationwide. The financial services ISAC is just one of several ISAC groups set up to protect the critical infrastructure of the country. Some of the other ISACs specifically address transportation, telecommunications, energy, agriculture, water and public health. Nancy Wong of the Office of Homeland Security praised the efforts of the financial services sector but warned that it needed to remain vigilant. "Terrorists tend to be smart and they have a very long term view," said Wong, the director of office planning and partnerships, information analysis and infrastructure protection directorate. Rather than remaining static, she said terrorist threats were "evolving and changing." "The terrorists are learning," she said, noting that they look at which industries and communities respond well to disasters and which face challenges. "The front line of this new war are the community and individual institutions such as yours," Wong said. "The attack happens here and the response happens here . . . "What needs to be done . . . each and every one of us, no matter whether we're government or private industry, we need to understand and accept and integrate the fact that terrorism is going to be with us for the foreseeable future," she added. "And it's not going to go away. So we need to plan and prepare." That planning includes developing business continuity programs to ensure that financial institutions are able to get up and running as soon as possible, said Bob Wilcox, vice president of business continuity and risk assessment for Fiserv, Inc., a company that provides financial management services to the financial industry. A successful continuity program needs to be constantly updated, reviewed and tested, he said, adding that the program needs to be companywide, not just a program for a particular department. "This is not the three-ring binder that goes in the bookshelf and gets pulled out (after a disaster)," he said. "If you have yours (business continuity plan) in a binder dated 2001, it's doomed to failure," he said. - [email protected]