Sheltered Harbor Provides Protection for Financial Institutions’ Data
Dr. Bill Highleyman
Dr. Bill Highleyman brings years of experience to the design and implementation of mission-critical computer systems. As Chairman of Sombers Associates, he has been responsible for implementing dozens of real-time, mission-critical systems - Amtrak, Dow Jones, Federal Express, and others. He also serves as the Managing Editor of The Availability Digest (availabilitydigest.com). Dr. Highleyman is the holder of numerous U.S. patents and has published extensively on a variety of technical topics. He also consults and teaches a variety of onsite and online seminars. Find his books on Amazon. Contact him at firstname.lastname@example.org.
Two years ago, dozens of U.S. banks, including Citigroup, JPMorgan Chase, and Bank of America, began working on a secret, ultrasecure data bunker called Sheltered Harbor. The data bunker holds a copy of all bank transaction data to protect it from a devastating cyberattack.
What is Sheltered Harbor?
Sheltered Harbor is an initiative undertaken by the financial services sector. It provides an extra layer of protection against potential cyber risks. Sheltered Harbor is designed to provide enhanced protection for the customer accounts and data of financial institutions. Its goal is to securely store account data and to recover it even in the event of the loss of operational capability of a bank or brokerage.
Multiple industry associations collaborated to develop and deliver Sheltered Harbor. They include:
American Bankers Association
Credit Union National Association
Independent Community Bankers of America
Financial Services Forum
Financial Services Information Sharing and Analysis Center (FS-ISAC)
Financial Services Roundtable
National Association of Federal Credit Unions
Security Industry and Financial Markets Association
The Clearing House
These financial services industry trade groups have established new resiliency capabilities to ensure that consumers will be able to access their financial accounts even if their banks or brokerages go out of business.
Large banks pay $50,000 to become members of Sheltered Harbor. Smaller banks pay less. Members receive access to the full set of Sheltered Harbor specifications to ensure secure storage and recovery of their account data.
Sheltered Harbor Provides Data Security
Sheltered Harbor provides data security through multiple mechanisms:
- It is physically isolated from unsecured networks. It has no connection to the Internet (it is air-gapped).
- It is redundant and decentralized.
- It can survive any attack or disaster because the vaults that store the banking transactions are distributed geographically. Any disaster will leave at least one vault operational.
- It prevents data stored in its vaults from being changed by hackers or other unauthorized personnel.
- It is owned by each participant.
Customer data stored in a Sheltered Harbor data vault is encrypted and kept private by the institution owning that data. Extracted data is decrypted, validated, formatted, and re-encrypted before it is transmitted to the requesting party via industry-established file formats.
Sheltered Harbor establishes standards to increase the resiliency of participating institutions so that they can reliably access their data. It promotes the adoption of these standards and monitors the adherence of financial institutions to these standards so that consumers benefit from the added protections.
A Backup Buddy System
Sheltered Harbor provides a backup buddy system. Banks choose ‘restoration’ partners that store a vault of one another’s core data, which is updated each night. If one bank goes down, the other can restore accounts from its buddy vault and make customers whole. Thus, redundant backup vaults eliminate the risk of a single point of failure.
Each day, participating banks and brokerage houses convert customer data into a standardized format, encrypt it, save it in air-gapped storage, and put it in the air-gapped storage medium of their restoration partners. Thus, the data is archived in secure vaults that are protected from alteration or deletion.
Sheltered Harbor is Complementary to FS-ISAC
FS-ISAC (Financial Services – Information Sharing and Analysis Center) is a U.S. industry trade group representing securities firms, banks, and asset management companies. It is the global financial industry’s resource for cyber and physical threat intelligence analysis and sharing.
FS-ISAC is a member-owned, non-profit organization. It was created by and for the financial services industry to help assure the resilience and continuity of the global financial services infrastructure against acts that could significantly impact the sector’s ability to provide services critical to the orderly function of the global financial system and economy. Founded in 1999, FS-ISAC has over 7,000 members worldwide.
FS-ISAC enables financial institutions to securely store and rapidly reconstitute account information should the data become lost or corrupted. FS-ISAC makes account information available to customers in the event that an institution appears unable to recover from a cyber incident. In this respect, FS-ISAC performs functions similar to that of Sheltered Harbor and adds to the capabilities of Sheltered Harbor.
Sheltered Harbor was created to provide secure and resilient storage for the financial transactions of banks and brokerages. It is unique in that it is owned by the participating financial institutions.
Will Sheltered Harbor ever use blockchain technology to increase its security and resilience? A blockchain model has been created based on the Ethereum block chain. However, it has yet to gain approval by the participating financial institutions.
Information for this article was taken from the following sources:
FS-ISAC and Sheltered Harbor; November 23, 2016.
Banks’ underground data vault is evolving – will it use blockchain next?, American Banker; February 16, 2018.