Treasury urges financial sector to redouble efforts against cyber attacks
In remarks at CNBC and the Institutional Investor's 4th
Annual Delivering Alpha Conference, U.S. Treasury Secretary Jacob Lew
specifically called on the U.S. financial sector to improve cybersecurity by
using the Administration's new cybersecurity framework for their own systems
and as a way to evaluate outside vendors. The
National Institute of Standards and Technology's (NIST) Framework for Improving
Critical Infrastructure Cybersecurity, was released in February 2014 and
provides a blueprint that firms of all sizes can use to evaluate, maintain, and
improve the resiliency of their computer systems.
As you know there has been an increased focus on cybersecurity on the regulatory front:
- In 2013, the Federal Financial
Institutions Examination Council (FFIEC) established a working group to further
promote coordination across the federal and state banking regulatory agencies
on critical infrastructure and cybersecurity issues. [CompBlog
- Early in 2014, NCUA announced that
cybersecurity risk would be an area of increased focus. “NCUA field staff will evaluate credit
unions’ ability to assess and mitigate cybersecurity risk and respond to
cyber-attacks. Credit unions of all sizes will be expected to implement appropriate
risk mitigation controls – including vendor due diligence, strong password processes,
proper patch management and network monitoring – to better prevent, detect, and
recover from cyber-attacks.” [NCUA Letter to
Credit Unions 14-CU-02].
- And just last month we covered in CompBlog
that FFIEC member agencies are conducting a cybersecurity assessment during
regularly scheduled exams aimed at improving cybersecurity risk management at
community institutions (about half are credit unions).
In his remarks, Secretary Lew said it was "time to pass cyber legislation." For Secretary Lew's full remarks from the Delivering
Alpha Conference click here. To read Treasury’s announcement click here.