Insurance requirements can drive stronger cybersecurity, Treasury official says
September 10, 2015
The insurance industry has a key role to play in helping U.S. companies strengthen cybersecurity, a senior Treasury Department official said Thursday.
At a time when Congress is struggling to pass cybersecurity legislation and as the number of computer intrusions surges, “insurers can move the needle,” Deputy Secretary Sarah Bloom Raskin said at a Washington think tank.
Her speech reflected how the Obama administration is trying to enlist a range of sectors and use a variety of tools to combat the cyberthreat. Meanwhile, on Capitol Hill, senior security officials testified to the complex nature of the challenge, as criminals and foreign governments have become increasingly adept at penetrating U.S. government and private sector networks to steal both commercial secrets and foreign intelligence.
To illustrate the threat, Bloom cited a little-known but disturbing cyberattack on a German steel mill last year. Hackers stole computer login credentials from plant workers, remotely worked their way into the networks and ultimately took control of the plant’s manufacturing system. Managers were unable to operate an on-off switch to shut down the blast furnace. The mill, German officials said, was seriously damaged.
Such attacks are rare, but they show the potential for major economic loss — especially if an attack on one system triggers a failure in others, Bloom said at the Center for Strategic and International Studies. But insurers can alter companies’ behavior through the underwriting process, she said.