The Federal Reserve, the US central bank responsible for supervision of the largest banks and their cybersecurity programs, has been steadily signaling its concern over the financial system’s resilience in the face of increasingly sophisticated cyber attacks.
- Fed Chairman Jerome Powell said in an interview earlier this year, “The risk that we keep our eyes on the most now is cyber risk… There are scenarios in which a large financial institution would lose the ability to track the payments that it's making. Where you would have a part of the financial system come to a halt, or perhaps even a broad part.”
- The Fed’s latest Financial Stability Report bumped up “cyber attacks” to #7 from #15 in the previous report for probable “salient shocks to financial stability.”
- A report from the Federal Reserve of New York last year said that if one of the top five US banks were knocked off the Fedwire inter-bank settlements system by a cyber attack, a large part of the banking system could fall into a “liquidity black hole.”
- A study by the Federal Reserve of Richmond in 2019 found that “the measurement and analysis of cyber risk in the financial sector has not matured to the point where it can be consistently measured and managed,” and supported the “application of modeling frameworks such as Factor Analysis of Information Risk (FAIR).”
Assessing Cyber Resilience Preparedness, Tuesday, October 18, 12:00-12:30 PM
Matt will lay out the threat landscape as the Fed views it, with the underlying message that we may be reaching the limits of what controls can do against attackers, and that we should focus more on resilience. Matt will discuss how the Federal Reserve is heightening audits of cybersecurity processes for its regulated firms and encouraging better reporting of cyber incidents. In addition, he will present five key items to measure resilience for financial institutions (and really, any organization).