ABA Banking Journal
No Result
View All Result
  • Topics
    • Ag Banking
    • Commercial Lending
    • Community Banking
    • Compliance and Risk
    • Cybersecurity
    • Economy
    • Human Resources
    • Insurance
    • Legal
    • Mortgage
    • Mutual Funds
    • Payments
    • Policy
    • Retail and Marketing
    • Tax and Accounting
    • Technology
    • Wealth Management
  • Newsbytes
  • Podcasts
  • Magazine
    • Subscribe
    • Advertise
    • Magazine Archive
    • Newsletter Archive
    • Podcast Archive
    • Sponsored Content Archive
SUBSCRIBE
ABA Banking Journal
  • Topics
    • Ag Banking
    • Commercial Lending
    • Community Banking
    • Compliance and Risk
    • Cybersecurity
    • Economy
    • Human Resources
    • Insurance
    • Legal
    • Mortgage
    • Mutual Funds
    • Payments
    • Policy
    • Retail and Marketing
    • Tax and Accounting
    • Technology
    • Wealth Management
  • Newsbytes
  • Podcasts
  • Magazine
    • Subscribe
    • Advertise
    • Magazine Archive
    • Newsletter Archive
    • Podcast Archive
    • Sponsored Content Archive
No Result
View All Result
No Result
View All Result
ADVERTISEMENT
Home Community Banking

How ‘Sheltered Harbor’ Provides Safety from the Cyber Storm

March 27, 2017
Reading Time: 5 mins read

By Charles Keenan

While he’s not ready to retire anytime soon, Trey Maust has given thought to the concept over the past few years, a vision of where he would rely in large part on his wealth that resides in brokerage and bank accounts. Yet Maust, the co-president and CEO of $170 million-asset Lewis & Clark Bank, couldn’t help but wonder: What if one day his account balances evaporated in a sweeping cyber attack?

“I’m starting to think at some point I’m going to rely on those balances to live on, whether it’s in a brokerage firm or a bank,” he says. “I want to know I can point to something and say, ‘This is my balance.’”

So when Maust was approached last year to work on an initiative in the financial industry to safeguard customer information and account balances, he quickly signed up for the job. Maust, whose bank is based in Oregon City outside of Portland, saw a chance to represent community institutions at the table with some of the world’s largest financial companies to come up with a system that would save enough information to get customer balances back in the event of a cyberattack.

That system is now becoming a reality. Dubbed “Sheltered Harbor,” it allows financial institutions to securely store and quickly retrieve account information after an incident. It acts as a firewall of sorts, supplementing the defenses financial institutions already have by separating the information away from their own networks. The consumer data is stored and kept private by each institution, and is encrypted and protected from changes. Sheltered Harbor is also distributed, with no central repository of information.

“This is about making sure the public can retain confidence in the system if a bad thing happens,” says Steven Silberstein, chief executive of Sheltered Harbor, and a former chief technology officer for SunGard. “We can’t guarantee all our protections will succeed and we have to have a fallback just in case.”

Sheltered Harbor was created by the Financial Services Information Sharing and Analysis Center and its members, which includes banks, credit unions, brokerages, processors and financial trade associations, such as the American Bankers Association. The members represent roughly 60 percent of all U.S. retail banking and brokerage accounts. The goal is to have most members of the group using the system by the end of the year, then roll it out to the rest of the financial industry. The initiative was spearheaded by one of its board members, James Rosenthal, a former COO at Morgan Stanley.

Rosenthal and other industry executives saw a need to provide a backup to customer data in age where cyberattacks have grown in severity and shown no sign of abating. When it comes to cybersecurity, banks have done a good job of safeguarding customer information, but the increasing sophistication and frequency of the attacks is enough to keep chief executives in the financial industry up at night.

While breaches of American retailers, healthcare firms and government agencies are a common occurrence, a few incidents over the years highlighted the how all companies are vulnerable to breaches. One was the attack in 2013 of Target Corp., where hackers used malware to gain access to credit card numbers and personal information of more than 100 million customers, eventually leading its chief executive to resign. Another infamous attack was of Sony Pictures in 2014, where hackers released embarrassing files and emails of executives.

“The Sony attack clearly was a huge warning,” says Albert Kendrick, who serves on the Sheltered Harbor board and is CIO at FirstBank, a $17 billion-asset institution based in Lakewood, Colo., a suburb of Denver. “There were other attacks that were clear indicators that the risk was growing quickly.”

Perhaps even more alarming for bankers have been attacks in the financial industry. Cybercriminals stole $81 million from Bangladesh Bank in February 2016 by hacking credentials to send payment messages over SWIFT, a financial messaging network used in international transfers. Russia’s central bank said that hackers stole $31 million during the last year from its correspondent banks.

In essence, while the internet has changed lives, it was never designed to withstand the type of exploitation employed by hackers today, Silberstein notes. “The internet was created to provide information sharing and assumed that all of the participants were well-intentioned and trustworthy,” he says. “We are now in this continuous race to protect legacy infrastructure from the untrusted. It’s a challenge because the untrusted are investing huge sums of money trying to circumvent our protections.”

A proactive approach

In response to this constant threat, the financial industry came together, working with regulators to come up with a private-sector solution. Sheltered Harbor gives member firms a layer of protection beyond their own backup and recovery plans and systems. It’s a way for banks, brokerages and processors to save the critical account data in a standardized format for data, encryption and architecture. The system allows for a bank to stow away a snapshot of the customer accounts, the balances and enough transaction history to do tomorrow’s business.

“There is a real concern that with cyber terrorists today, there is the possibility that a financial institution could be attacked and not be able to recover,” Kendrick says. “This is the industry’s response, and [it] provides a way to recovery.”

In the event a bank couldn’t itself get up and running quickly enough, the system allows for processors or another financial institution to host the information. “Sheltered Harbor is an additional level of resiliency,” Silberstein adds. “And about making sure there is a good copy of a consumers account data that could be moved to a different fully operating processing plant.”

In terms of compliance, Sheltered Harbor has an “adherence framework,” basically a set of controls that allows for a way to confirm that an implementation has been properly done. The system is designed to be flexible. “Each bank gets to own and manage its data using the technology and location of its choosing,” Silberstein says.

Community bank input

That flexibility is important, because of the variety of members behind Sheltered Harbor in terms of type and size. Community banks, for example, are represented to ensure their interests are taken into account as the standards are hashed out.

Maust was recruited to Sheltered Harbor in part to ensure community institutions were represented. One issue was the degree to which institutions had to show they were in compliance to get certification. One proposal called for an outside auditor, which would be unaffordable for smaller institutions, Maust says. Instead, the solution will allow banks to vouch for that they are meeting standards, such as the cryptographic storage being used, and that the encrypted files are maintained on secure, survivable and transportable media. This self-monitoring approach boils down to, “Are you doing every one of the things you are supposed to be doing?” Maust says.

ADVERTISEMENT

Once banks get onboard, they’ll receive a certification that they’re Sheltered Harbor-ready. The goal is to eventually have the entire financial industry using the system, with banks using a certification seal as a marketing tool, to show consumers’ data are protected. “We want our customers to know we take it seriously—to make sure that we’re right there at the beginning,” says Bryan Greenbaum, a Sheltered Harbor board member who also serves as senior vice president and chief operating officer at Reading Cooperative Bank, a $504 million-asset institution in the Boston area.

Bank CEOs may never be 100 percent at ease when it comes to cybersecurity, but Sheltered Harbor marks another attempt to protect customers. “This is a way to instill confidence in the industry,” Maust says. “At least I know that I can tell my customers their information on their account balances is safe.”

Charles Keenan is a freelance writer in California.

Tags: CybersecurityData breachesRisk management
ShareTweetPin

Related Posts

Research finds finance industry leads in corporate social responsibility

Research finds finance industry leads in corporate social responsibility

Community Banking
June 27, 2025

Financial institutions are at the forefront in volunteering engagement at 22.2%, nearly a 50% increase from 2023.

OCC seeks comment on digitalization challenges for community banks

ABA offers recommendations to boost community bank digitalization

Community Banking
June 26, 2025

The OCC should proactively support responsible community bank digitalization through transparency, information sharing and meaningful dialogue with stakeholders, ABA said.

ABA faults banking regulators for confusing CRA rule rollout

Regulators release 2025 list of distressed, underserved communities

Community Banking
June 25, 2025

Federal banking regulators made available the 2025 list of distressed or underserved nonmetropolitan middle-income geographies.

OCC sees need for regulatory reform in bank merger process

First Financial in Ohio to buy Westfield Bancorp

Community Banking
June 24, 2025

First Financial Bancorp in Cincinnati has agreed to buy Westfield Bancorp in Westfield Center, Ohio.

Podcast: Staying close to clients amid tariff-driven volatility

Podcast: Staying close to clients amid tariff-driven volatility

ABA Banking Journal Podcast
June 18, 2025

Amid tariff-related volatility, how are small and midsize businesses and the banks that serve them faring?

FDIC, OCC tighten policy considerations for bank merger applications

Report: Bank merger activity continues at steady pace

Community Banking
June 18, 2025

While there was a temporary stall in bank merger activity in early 2025 because of the economic fallout of tariffs and other Trump administration policies, overall quarterly deal announcements have held steady, according to a new analysis by...

NEWSBYTES

ABA asks IRS to delay new reporting requirement

June 30, 2025

ABA supports climate disclosure exclusions, warns of alternative disclosures

June 30, 2025

OCC report: Banking system sound, key risks highlighted

June 30, 2025

SPONSORED CONTENT

AI Compliance and Regulation: What Financial Institutions Need to Know

Unlocking Deposit Growth: How Financial Institutions Can Activate Data for Precision Cross-Sell

June 1, 2025
Choosing the Right Account Opening Platform: 10 Key Considerations for Long-Term Success

Choosing the Right Account Opening Platform: 10 Key Considerations for Long-Term Success

April 25, 2025
Outsourcing: Getting to Go/No-Go

Outsourcing: Getting to Go/No-Go

April 5, 2025
Six Payments Trends Driving the Future of Transactions

Six Payments Trends Driving the Future of Transactions

March 15, 2025

PODCASTS

Podcast: Inside ABA’s new Treasury Check Verification System API

June 25, 2025

Podcast: Staying close to clients amid tariff-driven volatility

June 18, 2025

Podcast: Old National’s Jim Ryan on the things that really matter

June 12, 2025
ADVERTISEMENT

American Bankers Association
1333 New Hampshire Ave NW
Washington, DC 20036
1-800-BANKERS (800-226-5377)
www.aba.com
About ABA
Privacy Policy
Contact ABA

ABA Banking Journal
About ABA Banking Journal
Media Kit
Advertising
Subscribe

© 2025 American Bankers Association. All rights reserved.

No Result
View All Result
  • Topics
    • Ag Banking
    • Commercial Lending
    • Community Banking
    • Compliance and Risk
    • Cybersecurity
    • Economy
    • Human Resources
    • Insurance
    • Legal
    • Mortgage
    • Mutual Funds
    • Payments
    • Policy
    • Retail and Marketing
    • Tax and Accounting
    • Technology
    • Wealth Management
  • Newsbytes
  • Podcasts
  • Magazine
    • Subscribe
    • Advertise
    • Magazine Archive
    • Newsletter Archive
    • Podcast Archive
    • Sponsored Content Archive

© 2025 American Bankers Association. All rights reserved.