Fed chair deems cyber threat top risk to financial sector
Federal Reserve Chairman Jerome Powell said he is on alert for cyberattacks against U.S. financial systems and companies, above and beyond any other risks to the economy.
“The world evolves. And the risks change as well,” Powell said during an interview aired Sunday on CBS’s “60 Minutes,” noting he is far more concerned about a cyber incident than he is about encountering a collapse akin to the global financial crisis of 2008. “And I would say that the risk that we keep our eyes on the most now is cyber risk.”
Other government agencies and major companies — in particular financial companies — are also on alert, Powell said.
Particularly of concern to Powell are scenarios in which cyberattacks cripple financial institutions to the point that they can’t track payments or to the point that payment systems don’t function.
“There are scenarios in which a large payment utility, for example, breaks down and the payment system can’t work. Payments can’t be completed,” Powell said. “There are scenarios in which a large financial institution would lose the ability to track the payments that it’s making and things like that.”
Some of these nightmare scenarios and other costly hacking incidents have already played out on the world stage. Russian and North Korean hacking teams alike are accused of running years-long hacking efforts aimed at stealing money from individuals, companies and banks in the U.S. After Iranian hackers targeted banks with distributed denial-of-service attacks between 2011 and 2013 — costing U.S. banks tens of millions of dollars — hundreds of thousands of customers were blocked from accessing their online accounts, according to the FBI.
At the time, the FBI and the Department of Justice intervened and worked with the financial sector to neutralize some of the botnets the attackers used to cripple its systems. Since then, the financial sector has been working to stay one step ahead of hackers.
As a result of that coordination, information security experts have long suggested that the financial sector is generally ahead of other sectors when it comes to cybersecurity.
But the financial sector isn’t all buttoned up against cyber incidents. The Financial Services Information Sharing and Analysis Center warned just last month that the financial sector will likely face a growing set of threats from nation-state and criminal hackers. The Securities and Exchange Commission warned the financial sector last year that ransomware attacks, which could lock up businesses’ machines and disrupt normal business operations, were growing more sophisticated.
Private financial companies will soon weigh in on a federal regulation that would require them to disclose to regulators, within 36 hours, cyber incidents that could impact the stability of the financial sector or that could disrupt key portions of a banking organization’s business. Comments on the proposal, which was introduced in December, are due Monday.
Other governments are concerned about the prospects of a major cyberattack grinding financial systems to a halt as well, said Powell, adding that the U.S. and allies are working together to bolster defenses against these kinds of intrusions.
“A lot of us have worked very hard at this and invested a lot of time and money and thought — and worked [collaboratively] with our allies and with other government agencies,” Powell said. “But there’s never a feeling at any time that you’ve done enough or that you feel safe.”
An advisory group made up of members of the Federal Reserve Board, Bank of England, Amazon Web Services, JP Morgan Chase and the International Monetary Fund contributed to a report published in November that warned the financial sector is still not keeping pace with the risks hackers pose to the global financial system. The report proposed that states work together to block hacks targeting the financial sector and develop norms of acceptable behavior in cyberspace.