A House committee is investigating the Federal Reserve Bank of New York's operations related to the cyber theft of $80 million from the Bank of Bangladesh.
House Science Committee Chairman Lamar Smith (R-TX) requested “all documents and communications related to” the cyberattack against Bangladesh's central bank in February, New York Federal Reserve Bank's SWIFT systems, and other correspondence related to SWIFT.
“The Committee, while concerned about all potential vulnerabilities, is focused on the technology employed by SWIFT and the banks that move money through SWIFT,” Smith wrote, in a letter to New York Federal Reserve Bank president William Dudley.
The investigation was launched as financial services institutions are being urged to create more thorough information sharing protocols. Last week, SWIFT CEO Gottfried Leibbrandt announced the financial messaging service's “five part-plan” to improve information sharing among its partner financial institutions.
Industry pros see a need for federal guidelines that would protect international financial systems.
“In the late 1800s, the Treasury Department mandated the first architectural specifications for a bank vault. The FFIEC has attempted to do the same with her information security guidelines since 2001, yet these architectures are failing against the modern cybercriminal threat,” Tom Kellermann, CEO of Strategic Cyber Ventures and former member of World Bank's security team, wrote in an email to SCMagazine.com.
These gaps are exploited because the cyber vault has not evolved with the threat landscape. The security architecture of the U.S. financial system must evolve in order to combat these modern-day Dillinger gangs.”
In March, following the cyberheist, the Bangladesh central bank's director resigned and the Bangladeshi government announced it planned to sue the New York Fed.
The congressional committee is also seeking information the New York Fed may possess about individuals associated with the cyberattack. “The question of bringing those responsible to justice is an important one,” the letter read. “Those implicated include casino operators in the Phillipines, bank managers, and a Sri Lankan non-profit foundation leader.”