Press Release: Cyber Security and Financial Stability

January 30, 2015

Eric S. Rosengren

Founding member of the ACSC and President & CEO of the Federal Reserve Bank of Boston Eric S. Rosengren discusses Cyber Security and Financial Stability in Cape Town, South Africa on January 30, 2015

Despite the advantages to consumers and businesses from rapid innovation in payments, cyber security issues are beginning to intrude—given the growing variety of entry points for those looking to steal, divert, or disrupt payments.

Boston Fed President Eric Rosengren today discussed cyber security "as a serious financial stability concern." He was speaking at a forum on financial‐sector supervision and regulation organized by the Basel Committee on Banking Supervision and the Financial Stability Institute, in Cape Town, South Africa.

Should breaches continue, Rosengren said, a loss of confidence in payments may lead people to use less efficient options. A more immediate issue would be an attack on payment systems aimed not at financial gain but at disrupting transactions—for example, by a rogue state or entity. "An attack on payment systems that renders consumers and businesses unable to transact business could be extremely disruptive" to an economy.

The prevention of these kinds of attacks puts an emphasis on ensuring that resiliency, monitoring, detection, and recovery capabilities are operational in any payment system. Rosengren argued that the adoption of a national defense grade security level, rather than a commercial grade security level, would mean a much more resilient—albeit expensive—payment system.

As an additional challenge, diffuse roles and responsibilities in the payments landscape, involving both the private and public sectors—and "the many potential points of failure"—make a unified cyberprevention approach difficult. "There are serious challenges and obstacles to comprehensive solutions," said Rosengren, and "central banks are essential to this discussion."

Rosengren called for a level of information‐sharing and expectation‐setting by national defense agencies, regulators, supervisors, and operators exceeding that of today. "Sharing actionable information about cyber‐attacks has the potential to significantly improve a firm's preparedness," he said.

As an example, he referenced a 2014 pilot program conducted by the Federal Reserve Bank of Boston focused on the sharing of cyber‐threat information by, and among, small‐ to medium‐sized banks. The successful pilot, Rosengren said, highlights that "more peer sharing for groups of smaller institutions has the potential to help thwart cyber criminals' potential entry to payment systems."

"Given the importance of a safe and available payment system to the functioning of a nation's economy, investment in core aspects of systems to ensure they are as secure and cyber resilient as possible must be a national priority."

FULL TEXT SPEECH