U.S. Treasury Secretary Jacob Lew is urging financial institutions to develop better protections against cyber-security related thefts, disruptions, and attacks. In a speech Wednesday, he encouraged the financial sector to make use of a new cyber-security framework when evaluating vendors and called upon Congress to help protect firms from liability issues that may arise from sharing security and breach data.

The Treasury Department was involved with the implementation of the 2013 Executive Order 13636, titled "Improving Critical Infrastructure Cyber-security," and Presidential Policy Directive-21. They led to the creation of the National Institute of Standards and Technology's Framework for Improving Critical Infrastructure Cybersecurity, released in February 2014. The framework provides a blueprint that firms and their vendors can use to collaborate with the government, improve the resiliency of their computer systems, and implement cyber-security best practices.

Treasury also coordinates with the Financial Services Information Sharing and Analysis Center which was  established by the financial services sector and distributes cyber-threat indicators, alerts, and suggested best practices.

During his speech, at CNBC and Institutional Investor's Delivering Alpha Conference, Lew urged Congress to pass legislation that may better facilitate information sharing. "As it stands, our laws do not do enough to foster information sharing and defend the public from digital threats,” he said. “We need legislation with clear rules to encourage collaboration and provide important liability protection. It must be safe for companies to collaborate responsibly, without providing immunity for reckless, negligent or harmful behavior.  And we need legislation that protects individual privacy and civil liberties.”

Lew applauded the efforts of bank and securities regulators for taking steps to enhance their oversight of cyber-threats. The inter-agency Federal Financial Institutions Examination Council has established a working group to better coordinate federal and state bank regulators on critical infrastructure and cyber-security issues. This summer, its member agencies are conducting a cyber-security assessment during regularly scheduled exams.

Topics