Earlier today, Deputy Assistant Secretary for Financial Institutions Katheryn Rosen participated in Bloomberg Government’s “Cybersecurity: Costs and Solutions” conference, where she spoke on a panel about how Treasury is working to share information and best practices with the financial sector in order to help businesses improve their cybersecurity.
"From the President, to Secretary Lew, to financial services CEOs, cybersecurity is now a strategic focus at the highest levels," Rosen said during the discussion.
Rosen also noted that protecting our nation’s financial system from cyber threats is a critical effort that requires partnership across all levels of the government and coordination between the government and the private sector. As National Cybersecurity Awareness Month comes to an end, here is some of the work Treasury has been pursuing to help the financial sector strengthen and maintain secure, functioning, and resilient critical infrastructure:
Treasury, as the Sector Specific Agency for the financial services sector, works closely with financial institutions to increase cybersecurity within the financial system. In this role, Treasury’s Office of Critical Infrastructure Policy serves as the day-to-day Federal interface with financial services firms on matters of cybersecurity. One important aspect of this relationship is Treasury’s efforts to facilitate the sharing of threat-specific information with financial services firms. Treasury also engages in the provision and coordination of technical assistance to financial services firms, as needed.
Treasury has also been supporting a “whole of government” approach to address these threats and continues to develop means to enhance information sharing between government agencies, and between government and the financial sector. For example, over the past year, Treasury has coordinated over a dozen classified briefings across the country that provide financial firms, including large and small banks, credit unions, insurance companies, and financial exchanges, with threat-specific information from a coordinated group of government agencies and have encouraged firms to share best practices on how to protect, prevent, respond to and mitigate cyber incidents. Since taking office, Secretary Lew has also made it a priority to meet with CEO’s from financial firms, business groups, and his international counterparts to discuss cybersecurity.
Serving as Chair of the Financial Stability Oversight Council (FSOC), Secretary Lew has asked for FSOC to be briefed on matters related to operational risk, including cybersecurity, and their potential threat to financial stability. FSOC has repeatedly emphasized the importance of sharing information – between operational and business executives at financial institutions, between firms, between government agencies, and between the public and private sector – and remains engaged on this issue.
Further, Treasury’s Office of Terrorism and Financial Intelligence (TFI) is focused on cyber threats that have the capacity to threaten the US economy and national security. As it targets rogue states, proliferators, terrorists, and other illicit actors, TFI will use its financial expertise and authorities against malicious cyber activities.
Even as Treasury works diligently to make sure that businesses are prepared for cyber incidents, there is still more to do. Treasury continues its implementation of the President’s Executive Order and Presidential Policy Directive issued early this year, including by working with the financial sector to help shape the Cybersecurity Framework currently under development by the National Institute of Standards and Technology.
Brandi Hoffine is a Spokesperson for Domestic Finance at the U.S. Department of the Treasury.