With the advancement in technology, the prevalence of cyberspace within government and the immense connectivity within the national infrastructure, it has been warned for years that a catastrophic cyber attack could very well transpire and wreak havoc on the overall economy.
One of the latest to sound the alarm is Ben Lawsky, head of New York’s Department of Financial Services (DFS), who is considering introducing new regulations and rules in order to confront an “Armageddon-type” attack that would cripple the United States financial system that would then filter into the broader economy.
Lawsky purported it could be a lot worse than what unfolded during the 2008 mortgage crisis.
“We are concerned that within the next decade, or perhaps sooner, we will experience an Armageddon-type cyber event that causes a significant disruption in the financial system for a period of time,” Lawsky said Wednesday in a speech at Columbia Law School, adding that it would be a “cyber 9/11.”
His first suggestion is to impose rules that would require financial institutions to better protect themselves from any such security infiltration and data breaches. This is a common scenario as U.S. banks are under constant threats and attacks from hackers worldwide, and many of them have been successful in recent history.
The new regulations would be instituted at the state level. A security measure he is recommending would be to place a grade on a respective bank’s cybersecurity apparatus, while also demanding multi-step password systems for employees in regulated companies.
Under the federal Gramm-Leach-Bliley Act of 1999, financial institutions are already ordered to implement safeguards to protect themselves from any attacks.
A financial analyst told the Wall Street Journal that Lawsky’s initiative is part of a broader effort of federal and state governments to prompt banks to comply with the Bank Secrecy Act – Lawsky wants to further target executive liability by randomly auditing banks’ anti-money laundering controls.
“If this proposal is enacted, as seems likely, senior executives will personally be on the hook for faulty anti-money laundering controls, a potentially scary prospect, and one that should cause them to become as personally involved in anti-money laundering compliance as they are in financial reporting,” said Matthew Schwartz, a partner in the global investigations and white-collar defense practice at Boies Schiller & Flexner LLP, in an interview with the business newspaper.
USA Today reports that Lawsky’s latest warning comes as an array of international cyber criminals have begun breaching banks’ internal systems rather than victimizing their customers. According to a report from Kaspersky Lab, hackers have stolen up to $1 billion from 100 banks across 30 countries.
Last summer, JPMorgan and four other banks were hit with a tidal wave of attacks from Russian hackers.
In light of these events, Sarah Bloom Raskin, deputy secretary at the Treasury Department, told a banking crowd that the finance industry should be adopting cyber risk insurance to offset the high-risk attacks. “Ideally, we can imagine the growth of the cyber insurance market as a mechanism that bolsters cyber hygiene for banks across the board,” said Bloom.