|
U.S. lawmakers probe Fed cyber breaches,
cite 'serious concerns'
Send a link to a friend
 [June 04, 2016]
By Dustin Volz and Jason Lange
WASHINGTON (Reuters) - A U.S.
congressional committee has launched an investigation into the Federal
Reserve's cyber security practices after a Reuters report revealed more
than 50 cyber breaches at the U.S. central bank between 2011 and 2015.
The House Committee on Science, Space and Technology on Friday
sent a letter to Federal Reserve Chair Janet Yellen to express
"serious concerns" over the central bank's ability to protect
sensitive financial information.
The letter cited the Reuters report, which was based on heavily
redacted internal Fed records obtained through a Freedom of
Information Act request. The redacted records did not say who hacked
the bank's systems or whether they accessed sensitive information or
stole money.
"These reports raise serious concerns about the Federal Reserve's
cyber security posture, including its ability to prevent threats
from compromising highly sensitive financial information housed on
the agency's systems," said the letter, signed by House Science
Committee Chairman Lamar Smith, a Texas Republican, and Barry
Loudermilk, a Georgia Republican and chairman of the panel's
oversight subcommittee.
 A Fed spokesperson said the central bank had received the panel's
letter and "will respond to it."
The panel asked the Fed's national cyber security team - the
National Incident Response Team - to turn over all cyber incident
reports in unredacted form from Jan. 1, 2009, to the present. It
also asked for incident reports from the Fed's local incident
response teams.
Global policymakers, regulators and financial institutions have
become increasingly concerned about the security of the
international banking system after a string of cyber attacks against
banks in Bangladesh, Vietnam and elsewhere linked to fraudulent
transaction messages sent across the global financial platform
SWIFT.
The probe into the Fed's security practices followed a separate
inquiry by the same committee into the Federal Reserve Bank of New
York's handling of the cyber theft of $81 million from one of its
accounts held by the central bank of Bangladesh.
The committee said it has jurisdiction over the Fed's cyber security
because the panel is tasked with oversight of the U.S. National
Institute of Standards and Technology, an agency responsible for
developing federal cyber security standards and guidelines, under a
2014 federal information technology law.
[to top of second column] |
The Federal Reserve building in Washington September 1, 2015.
REUTERS/Kevin Lamarque
The panel also requested a "detailed description of all confirmed
cyber security incidents" from 2009 to the present, all documents
and communications referring or relating to "higher impact cases"
handled by the Fed's NIRT team, all documents and communications
with the Fed's Office of Inspector General related to confirmed
cyber incidents, and an organizational chart detailing the Fed's top
cyber security personnel.
The committee requested a response to its inquiry by June 17. (Click
here to read the letter: http://tmsnrt.rs/1VBXvSz)
The Fed's computer systems hold confidential information on
discussions about monetary policy that drives financial markets. The
central bank's staff suspected hackers or spies were behind many of
the breaches, the records obtained by Reuters show.
The Fed had declined to comment on the records, which represent only
a slice of all cyber attacks on the central bank because they
include only cases involving the Washington-based Board of
Governors, a federal agency that is subject to public records laws.
(For a graphic on the Fed security breaches, see:
http://tmsnrt.rs/1TxSu8R)
(Reporting by Dustin Volz and Jason Lange; Editing by David Chance
and Tiffany Wu)
[© 2016 Thomson Reuters. All rights
reserved.]
Copyright 2016 Reuters. All rights reserved. This material may not be published,
broadcast, rewritten or redistributed.
 |
