The banking industry may be getting some help with its hacker problem.
The Obama administration issued an executive order Tuesday designed to encourage cooperation between government agencies and private industry in fighting cyber-attacks against critical U.S. infrastructure.
Here's what the president had to say about it in his State of the Union address:
America must also face the rapidly growing threat from cyberattacks. Now, we know hackers steal people's identities and infiltrate private emails. We know foreign countries and companies swipe our corporate secrets. Now our enemies are also seeking the ability to sabotage our power grid, our financial institutions, our air traffic control systems. We cannot look back years from now and wonder why we did nothing in the face of real threats to our security and our economy.
And that's why, earlier today, I signed a new executive order that will strengthen our cyber defenses by increasing information sharing and developing standards to protect our national security, our jobs and our privacy.
When it comes to protecting the nation from cyberattacks, banking has been considered a critical infrastructure sector, along with energy, dams, health care and others, since a 1996 executive order signed by President Bill Clinton, says Doug Johnson, vice president of risk management policy at the American Bankers Association.
If you're wondering why, imagine a scenario where a major bank's data, including account balances, transactions and investment holdings, is wiped out by a cyberattack, and how people and businesses would react to that. Suffice it to say, it wouldn't be pretty.
Even with the status quo, hackers would be unlikely to succeed in the outright mass destruction of financial data, Johnson says.
"Even without this, there's a certain redundancy in systems that prevent that scenario," he says. "To the extent that a particular set of data is compromised and somehow customer data is unable to be retrieved from a particular system, it has been backed up on another system."
But the executive order does a few things that will help banks be more resistant to attempts to sabotage or steal critical data going forward, Johnson says.
- It gives existing bank regulators in the U.S. Treasury, who already have a deep knowledge of how the industry works, responsibility for helping banks assess their readiness and deal with cyberthreats. Treasury regulators will, in turn, coordinate with the Department of Homeland Security and other government agencies to prevent and deal with attacks on the banks.
- It recognizes that critical industries, including banks, need to have more employees with high-level security clearances so they'll be privy to government intelligence that could help them respond more effectively to threats. Johnson says that at the moment, the entire banking industry has about 200 people with top security clearances, and that's not enough to effectively use government intelligence to help protect banks.
- It encourages government agencies to declassify information useful to banks in heading off cybersecurity threats whenever possible.
- It charges U.S. Department of Homeland Security regulators with finding ways to incentivize the development and adoption of cybersecurity technology.
Johnson says the type of information sharing and multi-agency coordination mandated in the order will be instrumental in helping banks respond to the recent cyberattacks on bank websites, which some, including Sen. Joseph Lieberman, I-Conn., have attributed to Iran.
Still, if the idea of a terrorist moving your electronic accounts to zero worries you, you can always elect to receive paper statements or regularly print out online statements to have a hard copy on hand just in case.
What do you think? Do you worry about a catastrophic cyber-attack on your bank?
Follow me on Twitter: @ClaesBell.