FOR IMMEDIATE RELEASE
ICBA Supports BITS Efforts to Shore Up Software Security
Washington, D.C. (March 8, 2004) - The Independent Community Bankers of America strongly supports industry efforts led by BITS to promote a secure and confidential environment for the financial services sector, one of the nation's critical infrastructures. The Business Requirements created by BITS members are the linchpin of these efforts.
BITS is a nonprofit consortium of 100 of the nation's largest financial institutions.
The Business Requirements encourage software vendors to provide a higher "duty of care" when selling to critical infrastructure companies by making security a fundamental component of software design; supporting older versions of software (such as Microsoft Windows NT) past the end of their estimated life cycle; and providing better security-trained and security-certified developers on product teams.
In addition, the Business Requirements encourage software vendor compliance with sector-security requirements before software products are released and the development of a patch-management process that is more secure, more efficient and less costly.
According to BITS, the cost of software vulnerabilities and patch management to the financial services industry is approaching $1 billion annually. "While figures are unavailable regarding the cost allocation for community banks, the cost of addressing these issues is just as material for smaller banks as larger banks," noted ICBA Vice Chairman David Hayes. Hayes serves as ICBA's representative on the BITS board of directors and is the president and CEO of Security Bank in Dyersburg, Tenn. "Improving the security of the financial services sector's critical infrastructure is an issue of paramount importance to community banks and their customers."
According to the 2002 ICBA/InFinet Community Bank Technology Survey, approximately 59 percent of the respondents use Microsoft Windows NT. "Given this market penetration, it will be extremely onerous and costly for community bank users to prematurely migrate to successor applications due to a lack of product support," Hayes said.
"Software security is a critical issue for all members of our nation's financial infrastructure, as well as other critical infrastructure sectors. Because ICBA is a member of the BITS board of directors and a key voice for the nation's community banks, its support of these efforts is critical," noted BITS CEO Catherine A. Allen.
"ICBA is pleased to support this BITS initiative that benefits all sector companies and their customers," said Camden R. Fine, incoming ICBA President and CEO. "We are optimistic that all software vendors will work collectively with the industry to ensure a safe and secure financial services sector."