Fed should lead cyber defense for financial industry, banks say

May 7, 2013 11:01 AM

U.S. banks urged the Federal Reserve to take the lead in defending the financial services industry from cyber attacks by working with federal counterterrorism, intelligence and law enforcement agencies, documents show.

Bank representatives on the Federal Advisory Council said at their last gathering on Feb. 8 in Washington that the Fed should collect and distribute threat information to lenders, law enforcement, securities exchanges and clearinghouses, according to meeting minutes obtained today through a Freedom of Information Act request by Bloomberg News.

Lenders said cybersecurity is “a critical issue for the industry and the financial system” and that they are stepping up plans to mitigate incursions after recent attacks, minutes showed. Some institutions received assistance from the Treasury Department and National Security Agency, the records show.

“The Fed is already well equipped to play a role in sharing sensitive information among banks without disclosing commercially sensitive data,” bankers said, according to the minutes. The Fed should offer “advisory services as a trusted interlocutor between banks and other government agencies in relaying selected threat information to the banking community.”

Bankers said the Fed should coordinate between lenders, regulators, and intelligence agencies to protect the financial system and set up a central source of information on attacks. They said the Fed should provide financial expertise to the Federal Bureau of Investigation and Department of Homeland Security, and work with other agencies to ensure they don’t establish duplicative regulatory requirements, minutes show.

Intelligence Officials

U.S. lawmakers are renewing a push to pass cybersecurity legislation following warnings by intelligence officials that electronic attacks could disrupt banks, telecommunications, utilities and other services. Congress last year failed to pass cybersecurity legislation that had bipartisan support.

Banks have been targeted by attacks known as distributed denial-of-service, or DDoS, in which hackers flood a computer system with information to shut it down. While lenders have acknowledged the attacks damaged their websites, hackers reached deeper than institutions have said, according to research by Symantec Corp., the Mountain View, California-based information security company that investigated the incidents.

Symantec’s findings show that the attacks, which have been a threat for years, have evolved from nuisances causing temporary website outages into robbing banks. Hackers drained $9 million in two hours from one European bank’s automated teller machines in 46 cities, Symantec said. Tens of millions of dollars were stolen from a dozen European banks in the past year in this way.

Fed Attacked

The Fed itself faced an attack this year when intruders breached a website it uses to stay in touch with banks during emergencies. The Richmond Fed, the regional bank that runs the central bank’s information-technology office, said the February incident didn’t affect critical operations of the Federal Reserve System.

A group claiming to be the hacker-activist organization known as Anonymous took responsibility for the breach. The group posted the names, titles and e-mail addresses of more than 4,000 bankers on the pastebin.com website, according to the American Bankers Association in Washington.

The advisory council, made up of 12 banking industry representatives from each Federal Reserve district, meets four times a year in Washington. Members, who serve for one year, include James Gorman, chief executive officer of New York-based Morgan Stanley, owner of the world’s biggest brokerage, and Jim Rohr, CEO of Pittsburgh-based PNC Financial Services Group Inc., the second-largest U.S. regional bank.

Bloomberg News

About the Author