Reg­u­la­tors aim to strengthen in­dus­try’s cy­ber de­fenses

Daily Local News (West Chester, PA) - - BUSINESS - By Marcy Gor­don

Fed­eral reg­u­la­tors are look­ing to set up new stan­dards for big banks’ plan­ning and test­ing for pos­si­ble cy­ber­at­tacks. The aim is to bol­ster the bank­ing in­dus­try’s de­fenses amid con­cern over pe­ri­odic se­cu­rity breaches at U.S. banks.

The move an­nounced Wed­nes­day by the Fed­eral Re­serve, the Fed­eral De­posit In­sur­ance Corp. and a Trea­sury Depart­ment bank­ing agency is de­signed to get banks’ se­nior ex­ec­u­tives and di­rec­tors to pay closer at­ten­tion to cy­ber­se­cu­rity, agency of­fi­cials said.

Fed Chair Janet Yellen has said that cy­ber­crime is a “very sig­nif­i­cant threat.”

The pro­posal, open to pub­lic com­ment for three months, would ap­ply to banks with $50 bil­lion or more in as­sets. That would af­fect sev­eral dozen ma­jor banks and a few big in­sur­ance com­pa­nies, all deemed to be so in­ter­con­nected with the fi­nan­cial sys­tem that a cy­ber­at­tack against one of them could shake the sys­tem’s sta­bil­ity.

In a stun­ning in­ci­dent early this year, hack­ers di­verted $101 mil­lion from the Bangladesh cen­tral bank’s ac­count at the New York Fed­eral Re­serve.

The theft am­pli­fied wor­ries about the se­cu­rity of the SWIFT global mon­ey­trans­fer sys­tem, which is over­seen by the Fed and other cen­tral banks. Bel­gium-based SWIFT, for­mally the So­ci­ety for World­wide In­ter­bank Fi­nan­cial Telecom­mu­ni­ca­tion, is a co­op­er­a­tive that man­ages the in­ter­na­tional trans­fer sys­tem among banks. The hack­ers in the Bangladesh bank case ap­par­ently got the money by steal­ing the cen­tral bank’s SWIFT ac­cess codes.

The rules pro­posed by the three agen­cies would pile on a sec­ond set of stricter stan­dards for big banks’ com­puter sys­tems that are con­sid­ered crit­i­cal to the func­tion­ing of the fi­nan­cial in­dus­try.

The banks should es­tab­lish goals for how long it would take them to re­cover from a cy­ber­at­tack, and should as­sess the po­ten­tial for mal­ware or cor­rupted data to spread through con­nected com­puter sys­tems, the reg­u­la­tors said.

The pro­posal doesn’t re­quire the banks to sub­mit their cy­ber­se­cu­rity plans for ap­proval or to no­tify the reg­u­la­tors if they suf­fer a data breach.

Newspapers in English

Newspapers from USA

© PressReader. All rights reserved.