1999BITS, the technology group for The Financial Services Roundtable, announced today the establishment of the BITS Financial Services Security Laboratory located in Reston, VA. The new facility will open on July 28th and will enable financial services companies and technology vendors to work cooperatively to further strengthen the security of electronic banking systems and related technologies.
Global Integrity Corporation, a subsidiary of Science Applications International Corporation (SAIC) will operate the BITS Laboratory, with funding from participating vendors. The major objectives of the facility are early product influence, risk reduction, cost reduction, and security functionality.
The Security Lab ultimately will rest security features and capabilities of products in both stand alone and distributed environments for select PC operating systems, browsers, servers, and applications software used for PC banking; anti-virus software firewalls; and end-to-end security systems. Products will be tested for their ability to meet specific criteria pertaining to security attributes such as authentication, integrity, confidentiality, privacy, auditability and authorization.
‘The BITS Security Lab will help to sustain public confidence in the financial services industry’s ability to prevent and respond to security-related incidents in electronic banking,’ said Edward E. Crutchfield, Chairman and CEO of First Union Corporation and Chairman of the BITS Board of Directors. ‘The capabilities provided by the new facility will save time and money in the process of evaluating the safety and validity of financial products and will allow us to better serve the customer,’ stated Crutchfield.
A BITS-Tested Process, including a BITS-Tested Mark, will be implemented to certify testing of security-related technology against established criteria. For banks and vendors alike, the BITS-Tested Process and the Laboratory will provide and unbiased third-party evaluation, with product testing on meet common criteria. The BITS-Tested Mark will be given upon successful completion of the testing cycle, indicating the overall security level for the product. Mark issuance will be posted on the BITS Web site.
‘The financial services industry takes security issues very seriously,’ said Robert W. Gillespie, Chairman and CEO, KeyCorp, and Chairman of The Financial Services Roundtable Board. ‘Traditionally, security is the key to consumer confidence,’ he continued, adding, ‘The new BITS Financial Services Security Lab is a bold and important step to ensure comprehensive security in banking systems.’
‘Sun strongly supports testing against open standards,’ said Scott McNealy, Chairman and CEO, Sun Microsystems, Inc. ‘The BITS Lab process will provide for cooperation among vendors and banks while protecting what each considers to be the proprietary aspects of their technology.’
‘Microsoft supports the BITS Security Lab because we are committed to developing, testing and applying technology that further straightens the safety and security of the electronic banking experience for consumers,’ said Mike Dushe, Product Manager, Smart Card for Windows, Microsoft Corporations. ‘Working in concert with the financial services industry and alongside other vendors, we believe the Lab provides the kind of technical cooperation that breeds confidence while continuing the marketplace competition that delivers excellence for our customers.’
‘We are delighted with BITS’ leadership in this area,’ said Richard Kovacevich, President and CEO of Wells Fargo and Company, and Immediate Past Chairman of The Financial Services Roundtable. ‘This BITS Security Lab provides us with an opportunity to demonstrate to legislators and regulators the proactive steps the financial services industry is taking to assure security in all working components of the banking systems,’ he stated.
William M. Randle, Executive Vice President, Huntington National Bank, and Co-Chair of the BITS Security and Risk Assessment Steering Committee said, ‘The establishment of the Security Lab is one of the most specific ways to industry can move toward meeting the requirements of the Office of the Comptroller of the Currency (OCC) Bulletin (98-38) on technology risk management in PC Banking.’ He added that, ‘this effort will promote and facilitate a more sound, secure channel for electronic commerce that will accelerate the growth and acceptance of doing business on the Internet.’
Peter Browne, Senior Vice President, First Union Corporation, and the order Co-Chair of the BITS Security and Risk Assessment Steering Committee, explained that, ‘ Creating a BITS Tested Mark of certification establishes a process providing every vendor and financial institution with a baseline for evaluating all products, both existing and planned. In addition, the process will help eliminate much of the redundancy in vendor product-testing with individual financial institutions.’
‘The BITS Laboratory initiative is good for the consumer, the banking industry and those of us who endeavor to build trust in electronic commerce applications and infrastructure,’ said Harvey L. Weiss, President and CEO of Global Integrity. ‘BITS and the banks have taken a proactive step towards raising the bar for the industry, and Global Integrity is delighted to be working with BITS in this pioneering efforts.’
Rhonda MacLean, Senior Vice President, Bank of America noted, ‘The BITS Financial Services Security Lab initiative offers information technology professionals within the financial services sector and the vendor community an outstanding opportunity to collaborate. This will support a secure emerging online electronic commerce environment and promote security and privacy initiatives to meet the needs of our customers.’
BITS CEO Catherine A. Allen said that various steps are in place to allow the security facility to begin accepting product test applications in July 1999. A Working Group has been formed, chaired by Dan Nealis, Senior Vice President, Chase Manhattan Bank, to meet these objectives. ‘We are currently defining product prioritization and testing criteria. Our goal is to provide financial institutions and product vendors with a consistent and meaningful set of security tests. We will be asking for input from the vendor community, and ultimately from the brokerage and insurance industries, to help in this process,’ said Nealis. ‘Software companies are eager to have their products tested,’ he noted, adding that, ‘We plan to start with commercially available products and will move into earlier stages of product development as we gain experience and increase capacity.’
The BITS Security and Risk Assessment Steering Committee has responsibility for setting policy and directing the new technology facility, with the day-to-day management of the facility to be conducted by Global Integrity.
BITS, the technology group for The Financial Services Roundtable, was created in 1996 to foster the growth and development of electronic banking and e-commerce in an open environment that will encourage greater choice and efficiency in financial software, access devices, networks and processing capabilities for the benefit of financial institutions and their customers. BITS promotes safety and soundness in payment systems and in electronic banking products. BITS is governed by a Board of Directors comprised of the Chairman and CEOs of the 14 largest U.S. Bank holding companies as well as representatives of the American Banker Association (ABA) and the Independent Community Bankers of America (ICBA). For more information, visit the BITS Web site at [www.bitsinfo.org].
About Global Integrity
Global Integrity is a wholly owned subsidiary of Science Application International Corporation (SAIC). It focuses on the rapidly growing worldwide business of enabling e-commerce through the information protection market. Headquarters in Reston, VA., Global Integrity provides a full complement of information protection, electronic commerce security, consulting and engineering services to global financial institutions and major corporations with electronic operation worldwide. More information can be found at Global’s Web site at [www.globalintegrity.com]