Bank of America moves to further ramp up security with new CISO

Former Booz Allen Hamilton exec to oversee effort to bolster security after WikiLeaks said it holds 5GB of insider bank data

Bank of America has named Patrick Gorman, a veteran government and corporate technology executive, as its new chief information security officer.

Gorman was most recently a senior executive adviser at Booz Allen Hamilton, a consulting firm hired by Bank of America after whistleblower Web site WikiLeaks late last year said it planned release thousands of insider documents that it had obtained from a former bank worker.

Gorman will be responsible for overseeing the bank's overall information security strategy; he will report to CTO Marc Gordon, according to a Bank of America statement issued on Thursday.

Gorman had earlier served as associate director of national intelligence and acting CIO at the U.S. Office of the Director of National Intelligence. In that role, he oversaw the U.S. intelligence community's incident response center and shared responsibility for an effort to improve information sharing among agencies via technology integration.

Gorman also worked in multiple U.S. Air Force units, including the Electronic Security Command, Intelligence and the Special Operations Command. During his 10-year Air Force stint, he also worked with the National Security Agency's cryptologic support group, the statement said.

Gorman's experience is sure to come handy in his new role at Bank of America.

The bank has been in damage-control mode since WikiLeaks founder Julian Assange disclosed last November that WikiLeaks held more than 5GB of internal data, including tens of thousands of sensitive internal documents, from an unnamed major U.S. bank.

Assange still hasn't named the bank, but he has said that the documents would soon be accessible on the WikiLeaks site. Many experts have speculated that the documents belong to Bank of America.

In fact, in a 2009 interview with the IDG News Service, Assange said WikiLeaks had obtained some 5GB of data that had been stored on the hard drive of a Bank of America executive.

The bank has since taken a series of measures to try to identify the source of the leak -- and to determine what documents are involved.

In January, the New York Times reported that the bank had assembled a 15-to-20-person team to develop a damage-control plan in the event that WikiLeaks followed through on its threat.

The team, which is headed by Bruce Thompson, Bank of America's chief risk officer, was tasked with conducting a broad internal investigation to determine what documents might have been leaked. The bank hired Booz Allen to help in that effort.

In February, WikiLeaks released a document that appeared to show that the bank had hired three intelligence firms to help develop a strategic plan of attack against WikiLeaks.

And last month, a group known as Anonymous, which is a loose affiliation of hackers who support the WikiLeaks cause, released email messages and documents that purportedly prove mortgage fraud. Anonymous said those documents were obtained from a former Bank of American employee.

It's unclear whether the documents released by Anonymous are the same ones that Assange claimed were obtained by WikiLeaks.

Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan, or subscribe to Jaikumar's RSS feed . His e-mail address is jvijayan@computerworld.com.

Copyright © 2011 IDG Communications, Inc.

7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon