Caucus Coverage: 3 Strategies For Better Cyber Security

WASHINGTON–Credit unions were offered three strategies for building better infrastructure and protecting against cyber-crimes.

Speaking to NAFCU’s Congressional Caucus, Brian J. Peretti, acting director of Critical Infrastructure Protection and Compliance Policy with Treasury, spoke to the issue of how CUs can bolster their resilience.

Peretti, who formerly worked for Wright Patman FCU for a half-dozen years, noted that about 80% of critical infrastructure in the country is controlled by the private sector. He said he breaks down what private companies, including credit unions, can do into three buckets:

1. Information Sharing. “When I was at my credit union, one of the things we did was create roundtables to talk about key issues. If you want to know what people need to do their jobs better, you listen to people in those jobs. In cybersecurity and physical resilience, that’s true.”
2. Baseline protections. “How do you know what’s good, what’s helpful,” asked Peretti. The answer: guidance from Treasury’s Cybersecurity Framework. “Read the Cybersecurity Framework so as to understand what are the biggest challenges out there and what are the techniques that can be used. When you are looking at outside vendors, are you just asking the basic questions? Just taking out some of those questions in the Cybersecurity Framework can be really good and help you to understand if one vendor is better than another.”
3. Response and Recovery effort. “This is one of the biggest challenges we have going forward,” he said, “because attacks do not happen that often, and not often enough to have a good plan in place. Not all incidents are based on a threat app. The key aspect we always look at is do firms have robust response and recovery plans, do they know how to engage with key partners, do they have a good messaging plan for their members? One of the things we always try to stress when doing exercises is this key issue of have we brought all the right players together? It can be difficult, particular with volunteer boards, to participate as much as they should.”