The Federal Reserve’s Cybersecurity Analytics Support Team is responsible for monitoring cybersecurity threats that could affect financial institutions. What happens when news of an attack breaks?
As appeared in the Cleveland Fed Digest's Ask the Expert
There are a lot of things that happen. My team works to understand the impact of the attack: Is it impacting banks? Is it impacting a prevalent technology that many banks use? Who is the attack impacting, and how might the attack spread?
We then rate the attack using the nation’s cybersecurity rating scale, which we tailored to the financial industry. It’s 1 through 5—1 being baseline and 5 being emergency. Five is a pretty hard threshold to reach because it involves the likelihood of catastrophic damage to critical operations resulting in, for example, a potential collapse of the banking sector. Most attacks fall between 1 and 3. We routinely perform ongoing monitoring of the attack, adjusting our assessment and rating as we learn more through our analysis, discussions with experts, and technical details reported through other sources. We might initially rate an attack high because we need more information and then adjust its rating down later when more information is known.
Here’s a recent example: One Saturday, I read that ransomware was hitting systems and picking up speed in the UK, impacting the National Health Service. Our Cybersecurity Analytics Support Team called a teleconference to discuss what was being impacted (nothing in the United States). The event ended up being an unpatched Windows vulnerability that affected several hundred thousand computers across the world. Our team knew that, generally speaking, financial institutions are up to date on patching—or running changes to update, fix, or improve a computer program. Still, we worked Saturday, Sunday, and Monday to monitor the situation, assess our ratings, and communicate what was going on.
Depending on the rating we assign to an attack, the team coordinates with a group at the Board of Governors [of the Federal Reserve System] to determine who needs to discuss the potential impact. We also will bring in the Federal Deposit Insurance Corporation and the Office of the Comptroller of the Currency, as appropriate.
Every day, we’re looking at potential threats. Our goal is to understand threat actors and their capabilities, active campaigns, and overall intent in order to assess the potential impact on the financial sector.
- Share
You’re here today.
Don’t miss what we produce next. Subscribe to Cleveland Fed Digest.
Cleveland Fed Digest delivers right to your inbox once a month research you can use, expert answers to timely questions, and news of upcoming events. If you’re not yet a subscriber to Cleveland Fed Digest, share your email address (and just that!) to receive the newsletter each month. We welcome your feedback, too! Contact digest@clev.frb.org with questions or comments.
Rest assured, we do not sell or share your email address, and you may unsubscribe at any time.