WASHINGTON–A new paper has been released that examines what is happening at the “intersection” of cyber attacks on financial institutions and market infrastructures and efforts by the private sector and government to improve resiliency.
The paper, published by the Brookings Institute, notes that in 2013 the White House instructed the Department of Homeland Security to identify those financial institutions for which “a cyber incident would have far reaching impact on regional or national economic security.” That led to the creation of the Financial Systemic Analysis & Resilience Center (FSARC) in 2016, which focused on “systemic risk to the U.S. financial system from current and emerging cyber security threats.”
This newest paper is an effort to “better frame the issues and formulate additional steps to understand and mitigate the financial stability risks posed by cyber attacks,” according to its authors: Jason Healey, senior research scholar in the Faculty of International and Public Affairs at Columbia University; Patricia Moser and Katheryn Rosen, both adjunct professor of International and Public Affairs at Columbia; and Adriana Tache, project coordinator on the Future of Cyber Risk and Financial Stability Initiative, at Columbia University.
What makes cyber risk different from all the other risks faced by financial institutions are the systemic risks that can be “transmitted,” including Lack of Financial Substitutability, loss of confidence, and data integrity, according to the report.
“So far, cyber adversaries have mostly been individuals or small groups out for quick profit, with little demonstrated interest in systemic impact. This may change as the gains and motivations for financial cyber crimes evolve,” the authors state.
Recommendations Made
The report makes a number of recommendations, including:
- Harmonize international regulations that foster resilience to cyber attacks and mitigate risk in the event of an attack. “This regulatory and supervisory approach should have enough elasticity to evolve with technological changes and adversary sophistication.”
- Conduct additional research to identify data and facilitate the design of models to measure or quantify cyber risk, including the development of a shared lexicon or taxonomy to discuss cyber risk as a factor in financial stability.
- Share and further develop maps of critical market structures, as well as market processes and conventions (both recent public and private sector efforts) and develop additional maps to better understand the overlay of cyber risk on the plumbing of markets and institutions.
- Conduct more exercises, at the domestic level and cross-border, especially to bridge between senior-level response executives from the financial stability and cybersecurity communities.
For the full report, go here.