|
 The House Committee on Science, Space and Technology on Friday sent
a letter to Federal Reserve Chair Janet Yellen to express "serious
concerns" over the central bank's ability to protect sensitive
financial information.
The letter cited the Reuters report, which was based on heavily
redacted internal Fed records obtained through a Freedom of
Information Act request. The redacted records did not say who hacked
the bank's systems or whether they accessed sensitive information or
stole money.
"These reports raise serious concerns about the Federal Reserve's
cyber security posture, including its ability to prevent threats
from compromising highly sensitive financial information housed on
the agency's systems," said the letter, signed by House Science
Committee Chairman Lamar Smith, a Texas Republican, and Barry
Loudermilk, a Georgia Republican and chairman of the panel's
oversight subcommittee.
A Fed spokesperson said the central bank had received the panel's
letter and "will respond to it."
The panel asked the Fed's national cyber security team - the
National Incident Response Team - to turn over all cyber incident
reports in unredacted form from Jan. 1, 2009, to the present. It
also asked for incident reports from the Fed's local incident
response teams.
Global policymakers, regulators and financial institutions have
become increasingly concerned about the security of the
international banking system after a string of cyber attacks against
banks in Bangladesh, Vietnam and elsewhere linked to fraudulent
transaction messages sent across the global financial platform
SWIFT.
The probe into the Fed's security practices followed a separate
inquiry by the same committee into the Federal Reserve Bank of New
York's handling of the cyber theft of $81 million from one of its
accounts held by the central bank of Bangladesh.
The committee said it has jurisdiction over the Fed's cyber security
because the panel is tasked with oversight of the U.S. National
Institute of Standards and Technology, an agency responsible for
developing federal cyber security standards and guidelines, under a
2014 federal information technology law.
[to top of second column] |
The panel also requested a "detailed description of all confirmed cyber security
incidents" from 2009 to the present, all documents and communications referring
or relating to "higher impact cases" handled by the Fed's NIRT team, all
documents and communications with the Fed's Office of Inspector General related
to confirmed cyber incidents, and an organizational chart detailing the Fed's
top cyber security personnel.
The committee requested a response to its inquiry by June 17. (Click here to
read the letter: http://tmsnrt.rs/1VBXvSz)
The Fed's computer systems hold confidential information on discussions about
monetary policy that drives financial markets. The central bank's staff
suspected hackers or spies were behind many of the breaches, the records
obtained by Reuters show.
The Fed had declined to comment on the records, which represent only a slice of
all cyber attacks on the central bank because they include only cases involving
the Washington-based Board of Governors, a federal agency that is subject to
public records laws.
(For a graphic on the Fed security breaches, see: http://tmsnrt.rs/1TxSu8R)
(Reporting by Dustin Volz and Jason Lange; Editing by David Chance and Tiffany
Wu)
[© 2016 Thomson Reuters. All rights
reserved.] Copyright 2016 Reuters. All rights reserved. This material may not be published,
broadcast, rewritten or redistributed.
 |
