ABA Banking Journal
No Result
View All Result
  • Topics
    • Ag Banking
    • Commercial Lending
    • Community Banking
    • Compliance and Risk
    • Cybersecurity
    • Economy
    • Human Resources
    • Insurance
    • Legal
    • Mortgage
    • Mutual Funds
    • Payments
    • Policy
    • Retail and Marketing
    • Tax and Accounting
    • Technology
    • Wealth Management
  • Newsbytes
  • Podcasts
  • Magazine
    • Subscribe
    • Advertise
    • Magazine Archive
    • Newsletter Archive
    • Podcast Archive
    • Sponsored Content Archive
SUBSCRIBE
ABA Banking Journal
  • Topics
    • Ag Banking
    • Commercial Lending
    • Community Banking
    • Compliance and Risk
    • Cybersecurity
    • Economy
    • Human Resources
    • Insurance
    • Legal
    • Mortgage
    • Mutual Funds
    • Payments
    • Policy
    • Retail and Marketing
    • Tax and Accounting
    • Technology
    • Wealth Management
  • Newsbytes
  • Podcasts
  • Magazine
    • Subscribe
    • Advertise
    • Magazine Archive
    • Newsletter Archive
    • Podcast Archive
    • Sponsored Content Archive
No Result
View All Result
No Result
View All Result
ADVERTISEMENT
Home Community Banking

How ‘Sheltered Harbor’ Provides Safety from the Cyber Storm

March 27, 2017
Reading Time: 5 mins read

By Charles Keenan

While he’s not ready to retire anytime soon, Trey Maust has given thought to the concept over the past few years, a vision of where he would rely in large part on his wealth that resides in brokerage and bank accounts. Yet Maust, the co-president and CEO of $170 million-asset Lewis & Clark Bank, couldn’t help but wonder: What if one day his account balances evaporated in a sweeping cyber attack?

“I’m starting to think at some point I’m going to rely on those balances to live on, whether it’s in a brokerage firm or a bank,” he says. “I want to know I can point to something and say, ‘This is my balance.’”

So when Maust was approached last year to work on an initiative in the financial industry to safeguard customer information and account balances, he quickly signed up for the job. Maust, whose bank is based in Oregon City outside of Portland, saw a chance to represent community institutions at the table with some of the world’s largest financial companies to come up with a system that would save enough information to get customer balances back in the event of a cyberattack.

That system is now becoming a reality. Dubbed “Sheltered Harbor,” it allows financial institutions to securely store and quickly retrieve account information after an incident. It acts as a firewall of sorts, supplementing the defenses financial institutions already have by separating the information away from their own networks. The consumer data is stored and kept private by each institution, and is encrypted and protected from changes. Sheltered Harbor is also distributed, with no central repository of information.

“This is about making sure the public can retain confidence in the system if a bad thing happens,” says Steven Silberstein, chief executive of Sheltered Harbor, and a former chief technology officer for SunGard. “We can’t guarantee all our protections will succeed and we have to have a fallback just in case.”

Sheltered Harbor was created by the Financial Services Information Sharing and Analysis Center and its members, which includes banks, credit unions, brokerages, processors and financial trade associations, such as the American Bankers Association. The members represent roughly 60 percent of all U.S. retail banking and brokerage accounts. The goal is to have most members of the group using the system by the end of the year, then roll it out to the rest of the financial industry. The initiative was spearheaded by one of its board members, James Rosenthal, a former COO at Morgan Stanley.

Rosenthal and other industry executives saw a need to provide a backup to customer data in age where cyberattacks have grown in severity and shown no sign of abating. When it comes to cybersecurity, banks have done a good job of safeguarding customer information, but the increasing sophistication and frequency of the attacks is enough to keep chief executives in the financial industry up at night.

While breaches of American retailers, healthcare firms and government agencies are a common occurrence, a few incidents over the years highlighted the how all companies are vulnerable to breaches. One was the attack in 2013 of Target Corp., where hackers used malware to gain access to credit card numbers and personal information of more than 100 million customers, eventually leading its chief executive to resign. Another infamous attack was of Sony Pictures in 2014, where hackers released embarrassing files and emails of executives.

“The Sony attack clearly was a huge warning,” says Albert Kendrick, who serves on the Sheltered Harbor board and is CIO at FirstBank, a $17 billion-asset institution based in Lakewood, Colo., a suburb of Denver. “There were other attacks that were clear indicators that the risk was growing quickly.”

Perhaps even more alarming for bankers have been attacks in the financial industry. Cybercriminals stole $81 million from Bangladesh Bank in February 2016 by hacking credentials to send payment messages over SWIFT, a financial messaging network used in international transfers. Russia’s central bank said that hackers stole $31 million during the last year from its correspondent banks.

In essence, while the internet has changed lives, it was never designed to withstand the type of exploitation employed by hackers today, Silberstein notes. “The internet was created to provide information sharing and assumed that all of the participants were well-intentioned and trustworthy,” he says. “We are now in this continuous race to protect legacy infrastructure from the untrusted. It’s a challenge because the untrusted are investing huge sums of money trying to circumvent our protections.”

A proactive approach

In response to this constant threat, the financial industry came together, working with regulators to come up with a private-sector solution. Sheltered Harbor gives member firms a layer of protection beyond their own backup and recovery plans and systems. It’s a way for banks, brokerages and processors to save the critical account data in a standardized format for data, encryption and architecture. The system allows for a bank to stow away a snapshot of the customer accounts, the balances and enough transaction history to do tomorrow’s business.

“There is a real concern that with cyber terrorists today, there is the possibility that a financial institution could be attacked and not be able to recover,” Kendrick says. “This is the industry’s response, and [it] provides a way to recovery.”

In the event a bank couldn’t itself get up and running quickly enough, the system allows for processors or another financial institution to host the information. “Sheltered Harbor is an additional level of resiliency,” Silberstein adds. “And about making sure there is a good copy of a consumers account data that could be moved to a different fully operating processing plant.”

In terms of compliance, Sheltered Harbor has an “adherence framework,” basically a set of controls that allows for a way to confirm that an implementation has been properly done. The system is designed to be flexible. “Each bank gets to own and manage its data using the technology and location of its choosing,” Silberstein says.

Community bank input

That flexibility is important, because of the variety of members behind Sheltered Harbor in terms of type and size. Community banks, for example, are represented to ensure their interests are taken into account as the standards are hashed out.

Maust was recruited to Sheltered Harbor in part to ensure community institutions were represented. One issue was the degree to which institutions had to show they were in compliance to get certification. One proposal called for an outside auditor, which would be unaffordable for smaller institutions, Maust says. Instead, the solution will allow banks to vouch for that they are meeting standards, such as the cryptographic storage being used, and that the encrypted files are maintained on secure, survivable and transportable media. This self-monitoring approach boils down to, “Are you doing every one of the things you are supposed to be doing?” Maust says.

ADVERTISEMENT

Once banks get onboard, they’ll receive a certification that they’re Sheltered Harbor-ready. The goal is to eventually have the entire financial industry using the system, with banks using a certification seal as a marketing tool, to show consumers’ data are protected. “We want our customers to know we take it seriously—to make sure that we’re right there at the beginning,” says Bryan Greenbaum, a Sheltered Harbor board member who also serves as senior vice president and chief operating officer at Reading Cooperative Bank, a $504 million-asset institution in the Boston area.

Bank CEOs may never be 100 percent at ease when it comes to cybersecurity, but Sheltered Harbor marks another attempt to protect customers. “This is a way to instill confidence in the industry,” Maust says. “At least I know that I can tell my customers their information on their account balances is safe.”

Charles Keenan is a freelance writer in California.

Tags: CybersecurityData breachesRisk management
ShareTweetPin

Related Posts

Bankers urge lawmakers to ease regulatory hurdles for de novo bank formation

Bankers urge lawmakers to ease regulatory hurdles for de novo bank formation

Community Banking
May 14, 2025

The founders of two de novo banks shared with lawmakers the challenges of launching a new financial institution in the current regulatory climate, and they pushed for legislation to ease some of those burdens in the early years...

ABA comments on proposal to improve accounting in tax credit structures

House committee advances tax package with ABA priorities

Ag Banking
May 14, 2025

The House Ways and Means Committee voted along party lines to advance a federal budget reconciliation tax package that includes several of ABA's policy priorities

ABA, associations urge lawmakers to finalize deal on debt ceiling

ABA urges lawmakers to lift regulatory barriers to bank merger, de novo formation

Community Banking
May 14, 2025

Narrow supervisory standards, inconsistent approval timelines and other regulatory impediments are limiting new bank formation and leading to further consolidation in the financial sector, ABA said.

Directors Briefing: Millbury National Bank marks 200 years  of independence with CEO transition

Directors Briefing: Millbury National Bank marks 200 years of independence with CEO transition

Directors Briefing
May 14, 2025

“Millbury National has always been about serving our community, and that will never change.”

OCC sees need for regulatory reform in bank merger process

Chickasaw Banc Holding to buy Oklahoma Heritage Bank

Community Banking
May 13, 2025

Chickasaw Banc Holding in Oklahoma City has agreed to buy Oklahoma Heritage Bank in Ada.

ABA, associations urge Congress to overturn CFPB credit card late fees rule

Federal budget reconciliation tax package includes ACRE Act, other ABA priorities

Ag Banking
May 12, 2025

Congressional leaders unveiled a federal budget reconciliation tax package that contains several banking industry priorities, including language to expand access to affordable real estate credit in rural areas, as championed by ABA.

NEWSBYTES

Bankers urge lawmakers to ease regulatory hurdles for de novo bank formation

May 14, 2025

Report: Federal, state attempts to limit credit card interchange would harm consumers

May 14, 2025

House committee advances tax package with ABA priorities

May 14, 2025

SPONSORED CONTENT

Choosing the Right Account Opening Platform: 10 Key Considerations for Long-Term Success

Choosing the Right Account Opening Platform: 10 Key Considerations for Long-Term Success

April 25, 2025
Outsourcing: Getting to Go/No-Go

Outsourcing: Getting to Go/No-Go

April 5, 2025
Six Payments Trends Driving the Future of Transactions

Six Payments Trends Driving the Future of Transactions

March 15, 2025
AI for Banks: A Starter Guide for Community and Regional Institutions

AI for Banks: A Starter Guide for Community and Regional Institutions

March 1, 2025

PODCASTS

Podcast: Accelerating banking for quick-service restaurants

May 8, 2025

How a Georgia community bank supports government-guaranteed lending nationwide

May 1, 2025

Podcast: Quantum computing’s shakeup in payments, cybersecurity

April 24, 2025
ADVERTISEMENT

American Bankers Association
1333 New Hampshire Ave NW
Washington, DC 20036
1-800-BANKERS (800-226-5377)
www.aba.com
About ABA
Privacy Policy
Contact ABA

ABA Banking Journal
About ABA Banking Journal
Media Kit
Advertising
Subscribe

© 2025 American Bankers Association. All rights reserved.

No Result
View All Result
  • Topics
    • Ag Banking
    • Commercial Lending
    • Community Banking
    • Compliance and Risk
    • Cybersecurity
    • Economy
    • Human Resources
    • Insurance
    • Legal
    • Mortgage
    • Mutual Funds
    • Payments
    • Policy
    • Retail and Marketing
    • Tax and Accounting
    • Technology
    • Wealth Management
  • Newsbytes
  • Podcasts
  • Magazine
    • Subscribe
    • Advertise
    • Magazine Archive
    • Newsletter Archive
    • Podcast Archive
    • Sponsored Content Archive

© 2025 American Bankers Association. All rights reserved.