Federal Reserve Vulnerable to Hackers
Tuesday, December 29, 2015 @ 12:12 PM gHale
The Federal Reserve needs more cyber security protections in a key database, according to a summary report from the Inspector General (IG).
Compiled in the wake of a security control review of the board’s Statistics and Reserves system, known as STAR, the report finds that overall, “the Division of Monetary Affairs and the Division of Information Technology have taken several steps to implement information security controls.”
But the inspector general staff warned there are several cyber security deficiencies in the system.
“We found that improvements are needed in the Board’s security governance of STAR to ensure that information security controls are adequately implemented, assessed, authorized, and monitored,” the IG said.
The report includes six recommendations for improvements to security controls in certain areas, including planning, security assessment and authorization, contingency planning, auditing, access control, risk assessment and system, and information integrity.
Due to the sensitive nature of the information, the report itself did not end up publicly available, only a brief executive summary released. It remains unclear what specific security flaws concerned the inspector general.
Chris Finan, a Silicon Valley technology entrepreneur and member of the cyber-steering committee at the Center for National Policy, said his concern is hackers could exploit flaws to gain access to internal Fed statistical data. That feeds into a bigger trend in the cyber security space — fear hackers are manipulating data to some other purpose, rather than simply stealing data for profit.
“One scenario: Hackers subtly manipulate the data to influence a Fed decision,” he said. “Another: Hackers manipulate the data in an obvious way to make the Fed lose confidence in the system as a whole, slowing a key decision.”
Overall, “the biggest risk to the Fed is probably a loss of data integrity and the impact that would have on decisions,” Finan said.