More must be done to protect the U.S. financial system against the growing threat of cyber-attacks, government and industry officials warned an interagency panel of regulators Monday.
The Financial Stability Oversight Council (FSOC), created three years ago to help shore up weaknesses in the economy that led to the 2008 crisis, identified cybersecurity as a major priority earlier this year.
But the danger posed by outside forces looking to damage the financial system has only become greater, Assistant Treasury Secretary Cyrus Amir-Mokri said during a meeting of the interagency panel.
“Our experience over the last couple of years shows that cyber-threats to financial institutions and markets are growing in both frequency and sophistication,” Amir-Mokri said.
In February, President Obama issued an executive order meant to improve information sharing about cyber threats between government and industry. The order also directed agencies to establish a voluntary framework of cyber-security best practices for the industry.
A draft proposal is now available for public comment. But Amir-Mokri said the executive order should not be viewed as a substitute for cyber-security legislation. In lieu of congressional action, he said the administration is leaning on help from the financial industry and the U.S. intelligence apparatus to identify and stop potential threats.
BB&T CEO Kelly King echoed Amir-Mokri’s remarks, telling the council that the industry concerns about cyber attacks are also on the rise.
“The world has changed, it’s not going back,” said King, who also serves as chairman of the board of directors For the Financial Services Roundtable’s technology policy council.
“Cyber risk is increasing in pace, complexity,” he said. “Potential impact has moved from fraudsters to hackstivists causing disruption to nation states threatening serious data manipulation and destruction.”
King said the industry has held three cyber-security summits, and has developed a 60-point plan across several areas of possible action, including enhanced information-sharing, improved analytics, better crisis management and improved executive communications.
Among the private sector initiatives is an effort to establish new Internet domain names that would be more secure than the widely used dot-com network. “Dot-bank” and “dot-insurance” domains would allow for greater protection of confidential information, King said.
King also said the industry is investing significant resources in the development of a “secure cloud” that would protect against attacks targeting private debt and credit card information.
In order to facilitate the efforts, the government should improve the flow of declassified information to the private sector and expedite security clearances.
“We need more people in the industry that have the proper level of clearances,” King said.
Created by the 2010 Dodd-Frank Wall Street reform law, the 10-member FSOC is chaired by Treasury Secretary Jack Lew and made up of a group of top financial regulators across several agencies.
Monday's meeting of the panel was the last for Federal Reserve Chairman Ben Bernanke and Commodity Futures Trading Commission Chairman Gary Gensler, who are leaving their respective offices at the end of the year.