Fed records show dozens of cybersecurity breaches
UP ALL NIGHT
The Fed's national cybersecurity team - the National Incident Response Team, or NIRT - created 263 of the incident reports obtained by Reuters.
NIRT operates in a fortress-like building in East Rutherford, New Jersey that also processes millions of dollars in cash everyday as part of the central bank's duty to keep the financial system running, according to the New York Fed's website. The unit provides support to the local cybersecurity teams at the Fed's Board and regional banks, which process more than $3 trillion in payments every day.
The NIRT handles "higher impact" cases, according to a 2013 report by the Board of Governor's Office of Inspector General.
One of the two former NIRT employees interviewed by Reuters described being on a team that once worked around the clock for five-straight days to patch software hackers had used to gain access to Fed systems in an attempt to obtain passwords. The former employee worked through several of those nights, taking naps at a desk in the office.
In that case, Fed security staff found no signs that sensitive information had been disclosed, the former employee said. Information about future interest rate policy discussions is isolated from other Fed networks and is more difficult for hackers to access, the former NIRT worker said.
But the Fed was under constant assault, much like any large company, the former employee said, and was "compromised frequently."
An internal watchdog has criticized the central bank for cybersecurity shortcomings. A 2015 audit by the Fed board's Office of Inspector General found the board was not adequately scanning databases for vulnerabilities or putting enough restrictions on system access.
"There is heightened risk of unauthorized disclosure and inappropriate use of sensitive board information," according to the audit released in November.