Bank regulator eyes tougher rules to fight hacking

February 26, 2015
Banks could be required to beef up their online password systems under new regulations designed to avert a so-called "cyber 9/11," a top financial regulator says

Banks could be required to beef up their online password systems under new regulations designed to avert a so-called "cyber 9/11," a top financial regulator said Wednesday.

Benjamin Lawsky, who leads New York state's Department of Financial Services, said more steps were needed to prevent what he called an "Armageddon-type cyber event" that disables the financial system.

The current password system for online accounts is "very vulnerable," said the regulator, who rose to prominence with big financial settlements negotiated with the US against BNP Paribas and other financial heavyweights.

"I am deeply worried that we are soon going to see a major cyber attack aimed at the financial system that is going to make all of us to shudder," he said.

"Indeed, we are concerned that within the next decade or perhaps sooner we will experience an Armageddon-type cyber event that causes a significant disruption in the financial system for a period of time —what some have termed a 'cyber 9/11.'"

Lawsky said such an event could create "a run or panic that spills over into the broader economy."

He said the department is considering mandating banks and other financial institutions to establish a "multifactor authentication" system whereby users would log in with a randomly generated password sent to a smartphone in addition to a conventional password.

The agency is weighing whether such new password requirements would fall on bank employees or consumers who do online banking, a Lawsky spokesman said.

Other proposals under consideration include rating banks and insurers on their cybersecurity as part of regular oversight of the banks used to determine if banks can pay dividends or make acquisitions.

Lawsky is also considering forcing financial institutions to require certifications of cybersecurity controls from third parties working in a bank, such as a law firm or a company brought in to do maintenance.

Cybersecurity was spotlighted at a summit two weeks ago in California at which President Barack Obama, Apple chief executive Tim Cook and others called for closer collaboration between government and the private sector to hold hackers at bay.

The biggest hacking episode on a bank came last year when contact details were taken for some 76 million households and seven million businesses in an attack on JPMorgan Chase.

However, JPMorgan said there was no evidence that critical account information such as account numbers, user identities or were stolen by the hackers.

While the Treasury and Federal Reserve are main US bank regulators, New York is important because it is home to many large banks. Lawsky's office has the authority to revoke the charters of and insurance companies operating in the state.

Explore further: NY surveying banks on cyber security defenses

Related Stories

NY surveying banks on cyber security defenses

February 25, 2015

(AP)—New York financial regulators are considering tougher cyber security requirements for banks to mandate more complex computer sign-ins and certifications from the contractors of their cyber defenses, the state's top ...

Several US banks attacked by hackers who hit Chase

October 8, 2014

Several US financial institutions were targeted by the same computer hackers who breached the systems of JPMorgan Chase earlier this year, sources familiar with the matter said Wednesday.

London-based banks simulate giant cyber-attack

November 12, 2013

Dozens of London-based banks joined other financial institutions in the capital on Tuesday for a giant exercise to test their defences against a cyber-attack, officials said.

Recommended for you

Forget oil, Russia goes crazy for cryptocurrency

August 16, 2017

Standing in a warehouse in a Moscow suburb, Dmitry Marinichev tries to speak over the deafening hum of hundreds of computers stacked on shelves hard at work mining for crypto money.

Researchers clarify mystery about proposed battery material

August 15, 2017

Battery researchers agree that one of the most promising possibilities for future battery technology is the lithium-air (or lithium-oxygen) battery, which could provide three times as much power for a given weight as today's ...

Signs of distracted driving—pounding heart, sweaty nose

August 15, 2017

Distracted driving—texting or absent-mindedness—claims thousands of lives a year. Researchers from the University of Houston and the Texas A&M Transportation Institute have produced an extensive dataset examining how ...

0 comments

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.