WASHINGTON—The Federal Reserve and the Treasury Department announced their support for agreed-upon cybersecurity guidelines set by leaders around the globe, and are now urging U.S. financial institutions to follow them.
The guidelines, set by the G7 countries (U.S., Britain, Canada, France, Germany, Italy and Japan), are published in a three-page document that would allow any financial institution to apply the standards to their own operations. The cybersecurity guidelines contain eight tailorable elements, including establishing a cybersecurity strategy, designating personnel responsibilities and sharing information with authorities, NAFCU reported.
“Cyber threats present a set of pressing operational, reputational and financial stability risks facing the international financial system. Sovereign borders do not contain these threats, and accordingly, nations must work together to address them,” said Treasury Deputy Secretary Sarah Bloom Raskin, co-chair of the G-7 Cyber Expert Group, in a statement. “The fundamental elements announced today are a significant achievement in our efforts to cooperate and improve cybersecurity within our countries. They are also a testament to the growing international resolve to counter cyberattacks and I encourage private and public sector leaders alike to use them to drive and fortify their institutions’ cybersecurity and resiliency.”
NAFCU noted that last week the National Institute of Standards and Technology issued a guide to cyber threat information sharing, meant to help organizations establish information sharing goals, identify cyber threat information sources and develop rules that control the publication and distribution of threats, among other things.
NIST released a cybersecurity framework in 2014, which has served as the underlying architecture for the Federal Financial Institutions Examination Council’s cybersecurity assessment tool. NAFCU said it has urged NIST and its partners to implement the framework through voluntary guidance similar to the cybersecurity assessment tool. NAFCU said that it also continues to encourage NIST to use its expertise to educate lawmakers and regulators about emerging cybersecurity threats and the need for multi-sector collaboration to prevent consumer data breaches.
NAFCU added that it continues to push for the passage of the “Data Security Act” (HR 2205/S. 961), which would hold retailers to the same standards credit unions already follow under the Gramm-Leach-Bliley Act.