A US Treasury Department program that shares cybersecurity intelligence with financial institutions is set to end this month after the agency cut its funding, according to records seen by Bloomberg News.
Banks and other financial organizations were told in late March that the threat information feed would cease updating and their login credentials would stop working on April 24, according to an emailed "notice of service termination."
The cyber threat intelligence program, known as the Automated Threat Information Feed, was launched in 2024 as part of Treasury's "Project Fortress" initiative to boost cybersecurity in the financial sector. It's set to end weeks after Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell summoned Wall Street leaders to a meeting in Washington to emphasize that the latest artificial intelligence model from Anthropic PBC, Mythos, will usher in an era of greater cyber risk.
Even as the information-sharing initiative ends for financial institutions, Treasury is starting a similar program for digital assets firms. Last week, the agency announced an information-sharing plan that will give such companies free access to "the same actionable cybersecurity information Treasury regularly shares with traditional US financial institutions."
It's unclear why the Treasury stopped funding the existing program. Treasury officials didn't respond to questions seeking comment.
In an interview on CNBC Wednesday morning, Bessent downplayed the urgency of his meeting with Wall Street leaders, saying it was "a bit overdramatized." He said it was called because all the bank leaders were in Washington for a separate event.
In the "notice of service termination" reviewed by Bloomberg, an official with the Pacific Northwest National Laboratory told subscribers that they'd reach out if "opportunities arise to resume" it. The laboratory had a role in running the program, but its scope is unclear.
A Pacific Northwest National Laboratory spokesperson declined to comment, referring questions about the program to the Treasury.
Several major banks didn't respond to inquiries about the feed ending, indicated they didn't use it, declined to comment or said they didn't "rely" on it.
The intelligence feed that's set to be eliminated was meant to allow banks to share cybersecurity information among themselves and pump out information from the government that would boost their defensive tools. It was also meant to provide the banking sector with the type of cyber intelligence exchange done between government agencies looking to flag threats to one another, according to a US official and another person familiar with the program. Both of them, along with several others, spoke on condition that they not be identified because aspects of the program were confidential or they weren't authorized to discuss them.
However, the system struggled to get traction in the financial industry, where some saw it as duplicative of other threat intelligence tools, according to the official, the person and a banking executive familiar with the matter. The program had a few hundred subscribers and was primarily used by small and midsized banks that lack the large security operations of their larger counterparts, another person familiar with it said.
Anjelica Dortch, vice president of operational risk and cybersecurity policy at the Independent Community Bankers of America, said the organization and its members "look forward to collaborating with Treasury and the administration on current and evolving cybersecurity initiatives." The trade group didn't answer questions about the impact of the program ending.
There are a variety of threat intelligence tools offered by cybersecurity companies and many industries have their own security information sharing groups. A spokesperson for the Financial Services Information Sharing and Analysis Center, which continues to play this role in the financial sector, declined to comment on the ending of the Treasury program.