Treasury Official Warns Financial Sector to Enhance "Cyber-Resilience"
In remarks delivered at a cybersecurity forum, Deputy Secretary of the U.S. Treasury Department Sarah Bloom Raskin emphasized the importance of creating a cyber-resilient financial structure by reducing response time to cyber threats.
Deputy Raskin argued that recent interconnected threats indicate that coordination is essential. Major examples of interconnected threats include (i) large-scale disruption-of-services attacks; (ii) attacks that result in theft and misuse of customer data (such as an attack on a law firm for confidential information); and (iii) attacks that result in destruction of systems and data.
Deputy Raskin also outlined the roles of the government, the U.S. Treasury Department and the private sector in response and recovery. Part of the private sector's role is to build a "cyber incident playbook," which should include "the basics of who does what, when, and who reports to whom when a cyber incident happens," she said. Further, Deputy Raskin emphasized that playbooks must specify when to involve law enforcement or trigger government involvement, and when and how to notify customers, counterparties and shareholders.
Deputy Raskin urged firms to prepare for cyberattacks in advance:
The middle of an attack is never a great time to learn unexpected things about your own organization. In advance of an attack, firms should identify their most sensitive and highly valued processes or assets . . . [and] have specific plans for how they will secure these processes or assets in order to minimize damage physically, financially and reputationally.