Wall Street has tapped former National Security Agency director Keith Alexander to form a council that would coordinate how banks and the government respond to cyber attacks, according to an internal industry proposal obtained by HuffPost.
Alexander led the NSA when former contractor Edward Snowden revealed how the agency had conducted widespread surveillance on Americans. Since leaving the NSA in March, Alexander has started his own consulting firm, IronNet Cybersecurity Inc., reportedly charging between $600,000 and $1 million per month for his services.
The financial industry's main lobbying group, the Securities Industry and Financial Markets Association, now says Alexander will serve as a consultant for banks that want to create a "working group" to facilitate “much quicker, near real-time” sharing of information about hackers with the government, according to the proposal.
The current process, which is coordinated between the FBI, the Department of Homeland Security and the Treasury Department, can take days and “is not structured to provide actionable information as quickly as needed,” the proposal says.
The financial industry group also wants to create guidelines for when the government can “actively defend the industry against a disruptive and destructive cyber attack,” according to its proposal.
Alexander has asked former DHS Secretary Michael Chertoff, who also formed his own consulting firm, The Chertoff Group, to serve as an adviser for the proposed cybersecurity council, the document says.
Rep. Alan Grayson (D-Fla.), who has publicly questioned how Alexander could serve as a consultant without revealing any classified information, said Tuesday that Congress “needs to keep an eye on” the industry’s proposed working group.
“Because of the murky nature of cybersecurity, I am concerned that a council like this might propose either physical attacks or cyberattacks by the US military on the perceived source of the threats,” Grayson said in a statement. “This could in effect make the banks part of what would begin to look like a war council.”
SIFMA spokeswoman Liz Pierce declined comment about the document, which was first reported by Bloomberg. The current status of the proposed council is unclear, and a DHS spokesperson also declined to comment.
The financial industry has been hit repeatedly by cyber attacks. For several weeks in late 2012, hackers attacked many of the country's largest banks, disrupting their websites and frustrating customers who were unable to access their online accounts.
At the time, American officials claimed those hackers were operatives of the Iranian government who were lashing out against American banks for U.S. sanctions against the country and a 2010 cyber attack that damaged Iran’s nuclear program, but offered no evidence to support those claims.
But those attacks may pale in comparison to "the next wave of attacks in the near-medium term" that could be far more destructive, potentially destroying data and computers, according to the industry’s proposal.
Such attacks could lead to bank account balances “being converted to zeros” and trigger “widespread runs on financial institutions” by damaging public confidence in bank security, the proposal says.
Several countries have the ability to destroy data in a cyber attack, and such capabilities are “likely to migrate to terrorist organizations in the not so far distant future,” the proposal says.
The industry group said it was also worried about the cybersecurity of the electric grid, which is “vulnerable to physical destruction of transformers and other equipment in a small number of undefended substations,” the proposal said.
Congress has tried repeatedly to pass legislation that would allow for greater sharing of information on hackers between companies and the government. But the bills have failed to pass due largely to privacy and civil liberties concerns about sharing data with the government. Those fears have only escalated in the past year after Snowden's revelations about the NSA's ability to collect data on Americans.
On Tuesday, however, the Senate Intelligence Committee passed a bill that would make it easier for businesses and the government to share cyber threat information with each other. A similar bill passed the House last year.
Huffington Post reporter Ryan Grim contributed reporting to this story.