April 11, 2014

Agencies, coalitions target cybersecurity

April 14, 2014 – Amid heightened interest in and concern about cyber risks, federal regulators and coalitions are circulating a variety of alerts and notices to financial institutions on information sharing and identification of risks to their systems and data.

The most recent of these was last week's Federal Financial Institutions Examination Council alert to credit unions and banks about the "Heartbleed" vulnerability affecting OpenSSL servers. NCUA, CFPB and the other council members issued their joint alert late Thursday and encouraged recipients to update their SSL (Secure Sockets Layer) certificates to guard users' login information and network resources.

FDIC last week issued a list of online resources about cyber risks and encouraged financial institutions to use them. "Cyber threats have been widely covered in the national media, and we believe that financial institutions and their technology service providers have been managing system updates to mitigate potential vulnerabilities in an effective manner," it said. The FDIC notice lists online resources from US-CERT, the Secret Service, FBI and industry regional coalitions.

The Justice Department and Federal Trade Commission also circulated a policy to the Financial Services Sector Coordinating Council – NAFCU is a founding member – that encourages private entities not to let concerns about antitrust issues stop them from the prudential sharing of cybersecurity data with other parties. "Cyber threat information typically is technical in nature and very different from the sharing of competitively sensitive information," the policy says.

As concerns about cyber threats and data security grow unabated, NAFCU is also continuing to press for legislation that would require merchants to adopt data security standards similar to those required of financial institutions under the Gramm-Leach-Bliley Act.