Press
FFIEC launches cybersecurity web page, promotes awareness of cybersecurity activities
WASHINGTON (June 24, 2014) — The Federal Financial Institutions Examination Council (FFIEC) today launched a Web page on cybersecurity (www.ffiec.gov/cybersecurity.htm). The Web page is a central repository for current and future FFIEC-related materials on cybersecurity.
While information security has been a core focus of supervision for decades, the FFIEC members are taking a number of steps to raise awareness of cybersecurity risks at financial institutions and the need to identify, assess, and mitigate these risks in light of the increasing volume and sophistication of cyber threats that pose risks to all industries in our society. The FFIEC Web page provides links to joint statements, webinars, and other information that may help financial institutions when thinking about the issue of cybersecurity.
The launch of this Web page coincides with a pilot program at more than 500 community institutions, to be conducted by state and federal regulators, which will be completed during regularly scheduled examinations. Information from the pilot effort will assist regulators in assessing how community financial insitutions manage cybersecurity and their preparedness to mitigate increasing cyber risks. Regulators are particularly focusing on risk management and oversight, threat intelligence and collaboration, cybersecurity controls, service provider and vendor risk management, and cyber incident management and resilience. Another aim of the pilot is to help regulators make risk-informed decisions to enhance the effectiveness of supervisory programs, guidance, and examiner training.
FFIEC members will continue to assess the risks of cyber attacks to financial institutions and use the information gathered through a number of sources to determine the appropriate next steps and identify potential gaps in financial supervision.
Other recent FFIEC efforts on cybersecurity highlighted on the Web page include:
- Creation of the Cybersecurity and Critical Infrastructure Working Group (June 2013)
- Joint Statement concerning Microsoft’s discontinuation of Microsoft Windows XP (October 2013)
- Joint Statement on Cyber Attacks on ATMs and Card Authorization Systems (April 2014)
- Joint Statement on Distributed Denial of Service Attacks (April 2014)
- Alert on Open SSL “Heartbleed” Vulnerability (April 2014)
Webinar and video on cybersecurity for community institution CEOs (May 2014)
The FFIEC was established in March 1979 to prescribe uniform principles, standards, and report forms and to promote uniformity in the supervision of financial institutions. The Council has six voting members: a Governor of the Board of Governors of the Federal Reserve System designated by the Chairman of the Board, the Chairman of the Federal Deposit Insurance Corporation, the Chairman of the Board of the National Credit Union Administration, the Comptroller of the Currency, the Director of the Consumer Financial Protection Bureau, and the Chairman of the State Liaison Committee. The Council’s activities are supported by interagency task forces and by an advisory State Liaison Committee, comprised of five representatives of state agencies that supervise financial institutions.