WASHINGTON Senate lawmakers pressed government officials about whether theyre doing enough to protect the financial system from cyberattacks on Wednesday, warning that more must be done next year to help banks defend themselves.
The issue has gained considerable traction over the past year since the data breach at Target last fall and subsequent attacks at a host of retailers and banks. Congress failed to pass legislation to strengthen information sharing on cyberthreats across different industries and government this year, but the issue is likely to remain on the legislative agenda even after Republicans take control of the Senate in January.
"It's finally beginning to come into the public consciousness," said Sen. Chuck Schumer, D-N.Y. "We need legislation."
Brian Peretti, director of the office of critical infrastructure protection and compliance policy at the Treasury Department, noted that the business communitys view towards information sharing has greatly evolved in the wake of increased attacks, dating back to the infamous DDoS attacks in 2012.
"We've seen a large change within industry to be able to be more forthcoming and open with sharing this information," he said. "They understand that the key for this is not only to share the information with law enforcement and the government, but also with other parties."
But Sen. Elizabeth Warren, D-Mass., pushed regulators to do more to ensure that banks and all interconnected parties are able to shore up their vulnerabilities, such as including cybersecurity preparedness into safety and soundness rankings.
"You know, as we all know here, a future cyber attack could paralyze the financial sector with devastating consequences for our economy. No two crises are alike. We want to be out in front on this," Warren told Valerie Abend, the senior critical infrastructure officer for the Office of the Comptroller of the Currency. "And I'd really like to know that the OCC is using this as part of their ranking.
Abend underscored that the issue is a top priority for the agency, but said she couldnt speak to the specifics of exam ratings.
Warren also raised concerns with how regulators are evaluating "other entities along the chain, from the retail merchants, to the third-party data processors, and software providers" to ensure that the companies that work with banks are similarly prepared to defend against cyberthreats.
The hearing marks the final public appearance by Sen. Tim Johnson, D-S.D., as chairman of the banking panel.
Johnson, who will retire at the end of the year, used the hearing to urge government officials and "policymakers in the next Congress to act quickly to address cybersecurity concerns."