Thursday, February 6, 2014

Banks, regulators moving to thwart cyberattacks

WASHINGTON — Financial regulators and industry officials said Monday they have made progress in efforts to safeguard financial institutions from the kind of cyberattacks that disrupted large-bank websites last year but much work remains.

The government is sharing intelligence with financial institutions and the industry is spending millions of dollars to better protect their networks, officials said at a meeting of the Financial Stability Oversight Council.

"Our experience over the last couple of years shows that cyberthreats to financial institutions and markets are growing in both frequency and sophistication," Assistant Treasury Secretary Cyrus Amir-Mokri told the council. The inter-agency panel was formed after the 2008 financial crisis to improve oversight of banks and better monitor risks to the financial system.

Financial institutions have faced a growing number of network-based threats in recent years, including denial-of-service attacks last fall that slowed the websites of banks such as Chase and Bank of America.

Last year, President Obama issued an executive order directing agencies to better share information with the private sector to head off those and more serious ones that could disrupt the financial system.

Over the past year, Amir-Mokri said, Treasury has set up detailed briefings for financial companies and regulators, some of which were classified, to share best practices with the industry. Treasury also has declassified certain information to inform the industry of potential threats.

BB&T CEO Kelly King said the threat to the industry has expanded "from fraudsters committing financial theft" to "hacktivists … causing disruption to nation states" and "threatening serious data manipulation and destruction."

Among other things, he said, the financial industry is:

• Investing money to create more secure "cloud" networks so credit and debit card transactions will be more secure.

• Trying to obtain the rights to two new top-! level domains — dotbank and dotinsurance — that would keep out fraudsters more effectively than the widely used dotcom domain.

• Automating the sharing of threat information to make it faster and more efficient.

• Conducting elaborate simulations of multiple cyberattacks from both outside entities and "malicious insiders. "

"The world has changed and it's not going back," King said. "We've made progress but we have a long way to go."

The meeting was likely the last for Federal Reserve Chairman Ben Bernanke, a member of the council who plans to step down as Fed chair next month. It was also the final meeting of FSOC member Gary Gensler, who is stepping down as chairman of the Commodity Futures Trading Commission.

Treasury Secretary Jack Lew, who chairs the council, said Bernanke's "boldness and creativity (during the financial crisis) were critical in avoiding another Great Depression."

Bernanke said the council "has served its purpose of working together better. We can't look (at the financial system) piece by piece. We have to look at it together as a whole."

No comments:

Post a Comment