Cyberwarfare / Nation-State Attacks , Fraud Management & Cybercrime , Governance & Risk Management

Congressmen Call for Enhanced Financial Sector Security

Nine Federal Agencies Asked to Take Action in Light of Iranian Threats
Congressmen Call for Enhanced Financial Sector Security
Democratic Reps. Emanuel Cleaver II (left) and Gregory Meeks

Two Democratic Congressmen have sent letters to nine federal financial regulatory agencies asking that take action to shore up cyber defenses in the sector because of looming security threats from Iran.

See Also: Close the Gapz in Your Security Strategy

The move comes in the wake of a U.S. drone attack last week that killed Iranian Major General Qasem Soleimani and Iran’s retaliatory missile strikes this week against bases in Iraq housing American troops (see: Iranian Cyberattacks: 10 Must-Have Defenses).

Meanwhile, on Wednesday, the FBI and Department of Homeland Security issued a security bulletin to local law enforcement warning of Iranian-sponsored cyberattacks, although no specific threats were disclosed, according to CNN

In their letter sent this week, Democratic representatives Emanuel Cleaver II, D-Mo., and Gregory Meeks, D-N.Y., who both sit on the House Financial Services Committee, wrote that there is an impending threat to the financial services infrastructure, not only in the U.S. but across the globe. They urged the regulatory agencies to strengthen the cyber protections that guard against disruption in financial markets.

A Call to Action

The congressmen sent the letter to the Federal Reserve, Treasury Department, Securities and Exchange Commission, Federal Deposit Insurance Corp., Consumer Financial Protection Bureau, Federal Housing Finance Agency, Commodity Futures Trading Commission, National Credit Union Administration and the Office of the Comptroller of the Currency.

They requested that these nine agencies propose specific security strategies by March.

"We urge you, our nation’s financial regulators, to work in coordination with law enforcement and regulated entities to increase sharing of appropriate cyber threat information," the Congressmen wrote. "We request that your institutions communicate a strategy to further mitigate existing cyber vulnerabilities within our financial institutions by March 2020."

Information Security Media Group reached out to all nine regulatory agencies on Thursday for comment. The only agency to respond, the Office of the Comptroller of the Currency, declined to comment.

Past Attacks

In the letter, Meeks and Cleaver pointed to Iran’s previous cyberattacks that affected U.S. financial institutions.

Between December 2011 and May 2013, 46 major U.S. financial services firms sustained distributed denial-of-service attacks conducted by an Iranian hactivist group (see: Analysis: Threat Posed by Pro-Iranian Hackers). The attacks left thousands of customers of Bank of America, Capital One, JP Morgan Chase, PNC, the New York Stock Exchange and Nasdaq, among many others, unable to access their accounts and led to the organizations spending millions on mitigation.

In the years since the DDoS attacks, security experts say, Iran has increased its cyber capabilities and could target critical infrastructure within the U.S.

Homeland Security officials have warned about Iran's increased ability to deploy so-called "wiper" attacks, which use malicious code designed to overwrite systems or otherwise leave them unusable and unrecoverable (see: DHS: Conflict With Iran Could Spur 'Wiper' Attacks).

"Iran has proven to be exceptionally capable when it comes to cyberwarfare," Cleaver says in a statement. "As tensions with the Iranian regime continue to unnecessarily escalate, it’s critical that financial regulators and individual institutions be proactive in preparation for potential cyber-attacks against our financial system. While I’m hopeful we can avoid any further conflict, it’s important we be prepared to protect consumers and defend our financial system from any major disruptions."

Website Defacements

A few days after the death of Soleimani following a U.S. drone strike, hacker groups sympathetic to Iran started defacing U.S. government websites, including the official website of the U.S. Federal Depository Library Program (see: US Government Website Defaced With Pro-Iran Message).

Homeland Security officials noted the defacement was not part of a larger cyber conflict between the U.S. and Iran.

About the Author

Akshaya Asokan

Akshaya Asokan

Senior Correspondent, ISMG

Asokan is a U.K.-based senior correspondent for Information Security Media Group's global news desk. She previously worked with IDG and other publications, reporting on developments in technology, minority rights and education.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.