A Reuters report into cybersecurity at the Federal Reserve triggers a House committee investigation into the Federal Reserve’s security protections.
It’s a description that elected officials likely aren’t thrilled to read: The notion that there have been more than 50 “cyber breaches” between 2011 and 2015 of the supposedly super-secure U.S.
Federal Reserve, as Reuters reported earlier this week.
Worse, those are only the breaches that Reuters could track, as they all involved the Board of Governors in some aspect—a federal agency whose records can be revealed via Freedom of Information Act requests.
As a result of Reuters’ reporting, the House Committee on Science, Space, and Technology is officially launching a probe in to the Federal Reserve’s ability to secure its information from cyberattacks.
It’s asking the Federal Reserve to turn over all cyber incident reports since January 1, 2009, and it wants these reports raw—no redactions.
It’s also asking for the Federal Reserve to turn over any incident reports from its local incident response teams as well. (Each of the central bank’s 12 regional branches have their own teams tasked with cybersecurity, and Reuters was unable to obtain any of their records for its report.)
“According to a Reuters report published this week, the Federal Reserve experienced at least 50 breaches of its information technology systems during 2011 through 2015. Of the over 50 breaches identified by the Federal Reserve’s National Incident Response Team (NIRT), a team of cybersecurity experts based in New Jersey, reports indicate that Federal Reserve officials suspected hackers or spies to be responsible for multiple incidents,” read the committee’s letter.
“NIRT, which created the incident reports Reuters obtained through a Freedom of Information Act (FOIA) request, however, do not indicate whether sensitive information was obtained or whether hackers stole money.
Also troublesome is the fact that of the 310 reports provided by the Federal Reserve in response to the FOIA request, hacking attempts were cited in 140 reports and four hacking incidents in 2012 alone were considered acts of ‘espionage,’ According to reports, the incidents involving acts of ‘espionage,’ could not only refer to threats from foreign governments, but also spying by private individuals or companies.”
The committee also noted in its letter that it would like the Federal Reserve to provide any and all documents or communications related to “high impact cases” that either its National Incident Response Team or local cybersecurity teams handle.
And it also wants to get its hands on the procedures that national and local teams use when responding to a cyber-attack.
The committee is giving the Federal Reserve a deadline of June 17 for all the requested communications.
As for the end goal of these attacks, the Federal Reserve’s systems hold lots of information about future financial policies that could significantly impact global financial markets.
If other governments were able to get their hands on this kind of insider information, they could gain a significant economic advantage by getting in front of future policy changes—to name just one benefit.
“As with other government agencies, the Federal Reserve is a target for cyberattacks. However, our security program and processes for detecting and countering attacks are robust and our critical operations have never been affected,” a reads a statement from the Federal Reserve, as reported by CNNMoney.