Treasury’s Raskin Focusing on Improving Cyber Info-Sharing

Raskin participates in a Q+A session with ABA President and CEO Frank Keating at the ABA Summer Leadership Meeting in Baltimore on July 14. Photo by Steven E. Purcell.

Raskin participates in a Q+A session with ABA President and CEO Frank Keating at the ABA Summer Leadership Meeting in Baltimore on July 14. Photo by Steven E. Purcell.

The Treasury Department is seeking to accelerate declassification of financial cyber threat information to help financial institutions protect their systems and customers, Deputy Treasury Secretary Sarah Bloom Raskin said today at ABA’s Summer Leadership Meeting in Baltimore. She is focused on “getting information declassified very quickly and into the hands of people who need it,” Raskin said. “It makes no sense for the government to be sitting on this information.”

Raskin also emphasized the importance of the “two-way street” of information-sharing and urged bankers to participate in the Financial Services Information Sharing and Analysis Center, which she called “a very important mechanism for sharing.”

In her remarks, Raskin offered a “2.0 version” of the 10-question cybersecurity checklist she offered bank CEOs in a speech late last year. She urged bank CEOs to ask if cybersecurity is “embedded” in their banks’ governance, controls and risk management system instead of being “grafted on.” Also included in her checklist were identifying key assets, tailoring controls to the risks unique to each asset, prioritizing implementation of enhanced controls, training personnel on cybersecurity practices, designating specific cyber professionals, giving them what they need to do their jobs and securing appropriate cybersecurity insurance.

Raskin also emphasized “cyber hygiene,” which she said can prevent 80 percent of cyber incidents. Specifically, she urged bankers to consider multi-factor authentication for system access, to restrict high-level access only to those who truly need it, to maintain and patch software and to scan systems constantly for malicious activity.